SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-03-07 06:14 UTC → 2026-05-01 18:29 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
7 Mar 2026, 06:14
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
1 May 2026, 18:29
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Fri 1 18:29 Sat 2 00:48 Sat 2 06:45 Tue 5 23:00 Thu 7 17:08 Thu 7 20:02 Mon 11 18:00 Tue 12 01:59 Wed 13 00:57 Thu 14 07:00 Thu 14 21:00

config-reference.md +1189 −201

Details

12| --- | --- | --- |12| --- | --- | --- |

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

15| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

16| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

17| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

18| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

19| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

20| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

21| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

22| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

23| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

24| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

25| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

30| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

31| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

32| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

33| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

34| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

35| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

36| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

37| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |

38| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

39| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

40| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

41| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

42| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

43| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

44| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

45| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |

46| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

47| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

48| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

49| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

50| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

51| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

52| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

53| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

54| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

55| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

56| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

57| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

58| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

59| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

60| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

61| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

66| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

67| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

68| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

69| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

70| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

71| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

72| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

81| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

82| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

83| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

84| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

85| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

86| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

87| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

88| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

89| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

90| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

91| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

92| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

93| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

94| `model_context_window` | `number` | Context window tokens available to the active model. |112| `model_context_window` | `number` | Context window tokens available to the active model. |

95| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

96| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

97| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

98| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

99| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

106| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |131| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

107| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |132| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

108| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

109| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |

110| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |138| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

111| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |139| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

112| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |140| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

113| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |141| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

114| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |142| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

115| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |143| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

116| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |144| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

118| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |146| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

119| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |147| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

120| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |148| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

149| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

121| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |150| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

122| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |151| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

123| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |152| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

128| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |157| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

129| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |158| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

130| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |159| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

160| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

131| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |161| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

132| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |162| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

133| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |163| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

135| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |165| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

136| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |166| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

137| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |167| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

168| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

169| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

170| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

171| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

172| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

173| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

174| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

175| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

176| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

177| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

178| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

179| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

180| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

181| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

182| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

183| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

138| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |184| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

185| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

139| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |186| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

140| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |187| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

141| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |188| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

142| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |189| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

143| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

144| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |190| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

191| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

145| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |192| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

146| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |193| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

194| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

195| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

196| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

147| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |197| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

198| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

148| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |199| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

149| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |200| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

150| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |201| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

151| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |202| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

152| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |203| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

153| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |204| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

154| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |205| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

155| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |206| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

156| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |207| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

157| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |208| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

209| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

158| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |210| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

159| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |211| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

160| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |212| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

168| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |220| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

169| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |221| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

170| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |222| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

171| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

225| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

172| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

173| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |228| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

174| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |229| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

175| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |

232| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

233| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

176| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |235| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

177| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |236| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

178| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |237| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

238| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

239| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

179| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |240| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

180| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |241| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

181| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |242| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

243| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

182 244 

183Key245Key

184 246 

206 268 

207Key269Key

208 270 

271`agents.<name>.nickname_candidates`

272 

273Type / Values

274 

275`array<string>`

276 

277Details

278 

279Optional pool of display nicknames for spawned agents in that role.

280 

281Key

282 

209`agents.job_max_runtime_seconds`283`agents.job_max_runtime_seconds`

210 284 

211Type / Values285Type / Values

238 312 

239Details313Details

240 314 

241Maximum number of agent threads that can be open concurrently.315Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

242 316 

243Key317Key

244 318 

254 328 

255Key329Key

256 330 

331`analytics.enabled`

332 

333Type / Values

334 

335`boolean`

336 

337Details

338 

339Enable or disable analytics for this machine/profile. When unset, the client default applies.

340 

341Key

342 

257`approval_policy`343`approval_policy`

258 344 

259Type / Values345Type / Values

260 346 

261`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`347`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

348 

349Details

350 

351Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

352 

353Key

354 

355`approval_policy.granular.mcp_elicitations`

356 

357Type / Values

358 

359`boolean`

360 

361Details

362 

363When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

364 

365Key

366 

367`approval_policy.granular.request_permissions`

368 

369Type / Values

370 

371`boolean`

262 372 

263Details373Details

264 374 

265Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.375When `true`, prompts from the `request_permissions` tool are allowed to surface.

266 376 

267Key377Key

268 378 

269`approval_policy.reject.mcp_elicitations`379`approval_policy.granular.rules`

270 380 

271Type / Values381Type / Values

272 382 

274 384 

275Details385Details

276 386 

277When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.387When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

278 388 

279Key389Key

280 390 

281`approval_policy.reject.rules`391`approval_policy.granular.sandbox_approval`

282 392 

283Type / Values393Type / Values

284 394 

286 396 

287Details397Details

288 398 

289When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.399When `true`, sandbox escalation approval prompts are allowed to surface.

290 400 

291Key401Key

292 402 

293`approval_policy.reject.sandbox_approval`403`approval_policy.granular.skill_approval`

294 404 

295Type / Values405Type / Values

296 406 

298 408 

299Details409Details

300 410 

301When `true`, sandbox escalation approval prompts are auto-rejected.411When `true`, skill-script approval prompts are allowed to surface.

412 

413Key

414 

415`approvals_reviewer`

416 

417Type / Values

418 

419`user | auto_review`

420 

421Details

422 

423Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

302 424 

303Key425Key

304 426 

422 544 

423Key545Key

424 546 

547`auto_review.policy`

548 

549Type / Values

550 

551`string`

552 

553Details

554 

555Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

556 

557Key

558 

425`background_terminal_max_timeout`559`background_terminal_max_timeout`

426 560 

427Type / Values561Type / Values

470 604 

471Key605Key

472 606 

473`compact_prompt`607`commit_attribution`

474 608 

475Type / Values609Type / Values

476 610 

478 612 

479Details613Details

480 614 

481Inline override for the history compaction prompt.615Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

482 616 

483Key617Key

484 618 

485`developer_instructions`619`compact_prompt`

486 620 

487Type / Values621Type / Values

488 622 

490 624 

491Details625Details

492 626 

493Additional developer instructions injected into the session (optional).627Inline override for the history compaction prompt.

494 628 

495Key629Key

496 630 

497`disable_paste_burst`631`default_permissions`

498 632 

499Type / Values633Type / Values

500 634 

501`boolean`635`string`

502 636 

503Details637Details

504 638 

505Disable burst-paste detection in the TUI.639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.

506 640 

507Key641Key

508 642 

509`experimental_compact_prompt_file`643`developer_instructions`

510 644 

511Type / Values645Type / Values

512 646 

513`string (path)`647`string`

514 648 

515Details649Details

516 650 

517Load the compaction prompt override from a file (experimental).651Additional developer instructions injected into the session (optional).

518 652 

519Key653Key

520 654 

521`experimental_use_freeform_apply_patch`655`disable_paste_burst`

522 656 

523Type / Values657Type / Values

524 658 

526 660 

527Details661Details

528 662 

529Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.663Disable burst-paste detection in the TUI.

530 664 

531Key665Key

532 666 

533`experimental_use_unified_exec_tool`667`experimental_compact_prompt_file`

534 668 

535Type / Values669Type / Values

536 670 

537`boolean`671`string (path)`

538 672 

539Details673Details

540 674 

541Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.675Load the compaction prompt override from a file (experimental).

542 676 

543Key677Key

544 678 

545`features.apply_patch_freeform`679`experimental_use_unified_exec_tool`

546 680 

547Type / Values681Type / Values

548 682 

550 684 

551Details685Details

552 686 

553Expose the freeform `apply_patch` tool (experimental).687Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

554 688 

555Key689Key

556 690 

566 700 

567Key701Key

568 702 

569`features.apps_mcp_gateway`703`features.codex_hooks`

570 

571Type / Values

572 

573`boolean`

574 

575Details

576 

577Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).

578 

579Key

580 

581`features.child_agents_md`

582 704 

583Type / Values705Type / Values

584 706 

586 708 

587Details709Details

588 710 

589Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).711Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

590 712 

591Key713Key

592 714 

593`features.collaboration_modes`715`features.enable_request_compression`

594 716 

595Type / Values717Type / Values

596 718 

598 720 

599Details721Details

600 722 

601Enable collaboration modes such as plan mode (stable; on by default).723Compress streaming request bodies with zstd when supported (stable; on by default).

602 724 

603Key725Key

604 726 

605`features.multi_agent`727`features.fast_mode`

606 728 

607Type / Values729Type / Values

608 730 

610 732 

611Details733Details

612 734 

613Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default).735Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

614 736 

615Key737Key

616 738 

617`features.personality`739`features.memories`

618 740 

619Type / Values741Type / Values

620 742 

622 744 

623Details745Details

624 746 

625Enable personality selection controls (stable; on by default).747Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

626 748 

627Key749Key

628 750 

629`features.powershell_utf8`751`features.multi_agent`

630 752 

631Type / Values753Type / Values

632 754 

634 756 

635Details757Details

636 758 

637Force PowerShell UTF-8 output (defaults to true).759Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

638 760 

639Key761Key

640 762 

641`features.remote_models`763`features.personality`

642 764 

643Type / Values765Type / Values

644 766 

646 768 

647Details769Details

648 770 

649Refresh remote model list before showing readiness (experimental).771Enable personality selection controls (stable; on by default).

650 772 

651Key773Key

652 774 

653`features.request_rule`775`features.prevent_idle_sleep`

654 776 

655Type / Values777Type / Values

656 778 

658 780 

659Details781Details

660 782 

661Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).783Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

662 784 

663Key785Key

664 786 

665`features.runtime_metrics`787`features.shell_snapshot`

666 788 

667Type / Values789Type / Values

668 790 

670 792 

671Details793Details

672 794 

673Show runtime metrics summary in TUI turn separators (experimental).795Snapshot shell environment to speed up repeated commands (stable; on by default).

674 796 

675Key797Key

676 798 

677`features.search_tool`799`features.shell_tool`

678 800 

679Type / Values801Type / Values

680 802 

682 804 

683Details805Details

684 806 

685Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).807Enable the default `shell` tool for running commands (stable; on by default).

686 808 

687Key809Key

688 810 

689`features.shell_snapshot`811`features.skill_mcp_dependency_install`

690 812 

691Type / Values813Type / Values

692 814 

694 816 

695Details817Details

696 818 

697Snapshot shell environment to speed up repeated commands (beta).819Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

698 820 

699Key821Key

700 822 

701`features.shell_tool`823`features.undo`

702 824 

703Type / Values825Type / Values

704 826 

706 828 

707Details829Details

708 830 

709Enable the default `shell` tool for running commands (stable; on by default).831Enable undo support (stable; off by default).

710 832 

711Key833Key

712 834 

718 840 

719Details841Details

720 842 

721Use the unified PTY-backed exec tool (beta).843Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

722 

723Key

724 

725`features.use_linux_sandbox_bwrap`

726 

727Type / Values

728 

729`boolean`

730 

731Details

732 

733Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).

734 844 

735Key845Key

736 846 

854 964 

855Key965Key

856 966 

857`include_apply_patch_tool`967`hooks`

858 968 

859Type / Values969Type / Values

860 970 

861`boolean`971`table`

862 972 

863Details973Details

864 974 

865Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.975Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

866 976 

867Key977Key

868 978 

1038 1148 

1039Type / Values1149Type / Values

1040 1150 

1041`array<string>`1151`array<string | { name = string, source = "local" | "remote" }>`

1152 

1153Details

1154 

1155Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1156 

1157Key

1158 

1159`mcp_servers.<id>.experimental_environment`

1160 

1161Type / Values

1162 

1163`local | remote`

1042 1164 

1043Details1165Details

1044 1166 

1045Additional environment variables to whitelist for an MCP stdio server.1167Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1046 1168 

1047Key1169Key

1048 1170 

1058 1180 

1059Key1181Key

1060 1182 

1183`mcp_servers.<id>.oauth_resource`

1184 

1185Type / Values

1186 

1187`string`

1188 

1189Details

1190 

1191Optional RFC 8707 OAuth resource parameter to include during MCP login.

1192 

1193Key

1194 

1061`mcp_servers.<id>.required`1195`mcp_servers.<id>.required`

1062 1196 

1063Type / Values1197Type / Values

1070 1204 

1071Key1205Key

1072 1206 

1207`mcp_servers.<id>.scopes`

1208 

1209Type / Values

1210 

1211`array<string>`

1212 

1213Details

1214 

1215OAuth scopes to request when authenticating to that MCP server.

1216 

1217Key

1218 

1073`mcp_servers.<id>.startup_timeout_ms`1219`mcp_servers.<id>.startup_timeout_ms`

1074 1220 

1075Type / Values1221Type / Values

1118 1264 

1119Key1265Key

1120 1266 

1121`model`1267`memories.consolidation_model`

1122 1268 

1123Type / Values1269Type / Values

1124 1270 

1126 1272 

1127Details1273Details

1128 1274 

1129Model to use (e.g., `gpt-5-codex`).1275Optional model override for global memory consolidation.

1130 1276 

1131Key1277Key

1132 1278 

1133`model_auto_compact_token_limit`1279`memories.disable_on_external_context`

1134 1280 

1135Type / Values1281Type / Values

1136 1282 

1137`number`1283`boolean`

1138 1284 

1139Details1285Details

1140 1286 

1141Token threshold that triggers automatic history compaction (unset uses model defaults).1287When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1142 1288 

1143Key1289Key

1144 1290 

1145`model_catalog_json`1291`memories.extract_model`

1146 1292 

1147Type / Values1293Type / Values

1148 1294 

1149`string (path)`1295`string`

1150 1296 

1151Details1297Details

1152 1298 

1153Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.1299Optional model override for per-thread memory extraction.

1154 1300 

1155Key1301Key

1156 1302 

1157`model_context_window`1303`memories.generate_memories`

1158 1304 

1159Type / Values1305Type / Values

1160 1306 

1161`number`1307`boolean`

1162 1308 

1163Details1309Details

1164 1310 

1165Context window tokens available to the active model.1311When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1166 1312 

1167Key1313Key

1168 1314 

1169`model_instructions_file`1315`memories.max_raw_memories_for_consolidation`

1170 1316 

1171Type / Values1317Type / Values

1172 1318 

1173`string (path)`1319`number`

1174 1320 

1175Details1321Details

1176 1322 

1177Replacement for built-in instructions instead of `AGENTS.md`.1323Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1178 1324 

1179Key1325Key

1180 1326 

1181`model_provider`1327`memories.max_rollout_age_days`

1182 1328 

1183Type / Values1329Type / Values

1184 1330 

1185`string`1331`number`

1186 1332 

1187Details1333Details

1188 1334 

1189Provider id from `model_providers` (default: `openai`).1335Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1190 1336 

1191Key1337Key

1192 1338 

1193`model_providers.<id>.base_url`1339`memories.max_rollouts_per_startup`

1194 1340 

1195Type / Values1341Type / Values

1196 1342 

1197`string`1343`number`

1198 1344 

1199Details1345Details

1200 1346 

1201API base URL for the model provider.1347Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1202 1348 

1203Key1349Key

1204 1350 

1205`model_providers.<id>.env_http_headers`1351`memories.max_unused_days`

1206 1352 

1207Type / Values1353Type / Values

1208 1354 

1209`map<string,string>`1355`number`

1210 1356 

1211Details1357Details

1212 1358 

1213HTTP headers populated from environment variables when present.1359Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1214 1360 

1215Key1361Key

1216 1362 

1217`model_providers.<id>.env_key`1363`memories.min_rate_limit_remaining_percent`

1218 1364 

1219Type / Values1365Type / Values

1220 1366 

1221`string`1367`number`

1222 1368 

1223Details1369Details

1224 1370 

1225Environment variable supplying the provider API key.1371Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1226 1372 

1227Key1373Key

1228 1374 

1229`model_providers.<id>.env_key_instructions`1375`memories.min_rollout_idle_hours`

1230 1376 

1231Type / Values1377Type / Values

1232 1378 

1233`string`1379`number`

1234 1380 

1235Details1381Details

1236 1382 

1237Optional setup guidance for the provider API key.1383Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1238 1384 

1239Key1385Key

1240 1386 

1241`model_providers.<id>.experimental_bearer_token`1387`memories.use_memories`

1242 1388 

1243Type / Values1389Type / Values

1244 1390 

1245`string`1391`boolean`

1246 1392 

1247Details1393Details

1248 1394 

1249Direct bearer token for the provider (discouraged; use `env_key`).1395When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1250 1396 

1251Key1397Key

1252 1398 

1253`model_providers.<id>.http_headers`1399`model`

1254 1400 

1255Type / Values1401Type / Values

1256 1402 

1257`map<string,string>`1403`string`

1258 1404 

1259Details1405Details

1260 1406 

1261Static HTTP headers added to provider requests.1407Model to use (e.g., `gpt-5.5`).

1262 1408 

1263Key1409Key

1264 1410 

1265`model_providers.<id>.name`1411`model_auto_compact_token_limit`

1266 1412 

1267Type / Values1413Type / Values

1268 1414 

1269`string`1415`number`

1270 1416 

1271Details1417Details

1272 1418 

1273Display name for a custom model provider.1419Token threshold that triggers automatic history compaction (unset uses model defaults).

1274 1420 

1275Key1421Key

1276 1422 

1277`model_providers.<id>.query_params`1423`model_catalog_json`

1278 1424 

1279Type / Values1425Type / Values

1280 1426 

1281`map<string,string>`1427`string (path)`

1282 1428 

1283Details1429Details

1284 1430 

1285Extra query parameters appended to provider requests.1431Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1286 1432 

1287Key1433Key

1288 1434 

1289`model_providers.<id>.request_max_retries`1435`model_context_window`

1290 1436 

1291Type / Values1437Type / Values

1292 1438 

1294 1440 

1295Details1441Details

1296 1442 

1297Retry count for HTTP requests to the provider (default: 4).1443Context window tokens available to the active model.

1298 1444 

1299Key1445Key

1300 1446 

1301`model_providers.<id>.requires_openai_auth`1447`model_instructions_file`

1302 1448 

1303Type / Values1449Type / Values

1304 1450 

1305`boolean`1451`string (path)`

1306 1452 

1307Details1453Details

1308 1454 

1309The provider uses OpenAI authentication (defaults to false).1455Replacement for built-in instructions instead of `AGENTS.md`.

1310 1456 

1311Key1457Key

1312 1458 

1313`model_providers.<id>.stream_idle_timeout_ms`1459`model_provider`

1314 1460 

1315Type / Values1461Type / Values

1316 1462 

1317`number`1463`string`

1318 1464 

1319Details1465Details

1320 1466 

1321Idle timeout for SSE streams in milliseconds (default: 300000).1467Provider id from `model_providers` (default: `openai`).

1322 1468 

1323Key1469Key

1324 1470 

1325`model_providers.<id>.stream_max_retries`1471`model_providers.<id>`

1326 1472 

1327Type / Values1473Type / Values

1328 1474 

1329`number`1475`table`

1330 1476 

1331Details1477Details

1332 1478 

1333Retry count for SSE streaming interruptions (default: 5).1479Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1334 1480 

1335Key1481Key

1336 1482 

1337`model_providers.<id>.wire_api`1483`model_providers.<id>.auth`

1338 1484 

1339Type / Values1485Type / Values

1340 1486 

1341`chat | responses`1487`table`

1342 1488 

1343Details1489Details

1344 1490 

1345Protocol used by the provider (defaults to `chat` if omitted).1491Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1346 1492 

1347Key1493Key

1348 1494 

1349`model_reasoning_effort`1495`model_providers.<id>.auth.args`

1350 1496 

1351Type / Values1497Type / Values

1352 1498 

1353`minimal | low | medium | high | xhigh`1499`array<string>`

1354 1500 

1355Details1501Details

1356 1502 

1357Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1503Arguments passed to the token command.

1358 1504 

1359Key1505Key

1360 1506 

1361`model_reasoning_summary`1507`model_providers.<id>.auth.command`

1362 1508 

1363Type / Values1509Type / Values

1364 1510 

1365`auto | concise | detailed | none`1511`string`

1366 1512 

1367Details1513Details

1368 1514 

1369Select reasoning summary detail or disable summaries entirely.1515Command to run when Codex needs a bearer token. The command must print the token to stdout.

1370 1516 

1371Key1517Key

1372 1518 

1373`model_supports_reasoning_summaries`1519`model_providers.<id>.auth.cwd`

1374 1520 

1375Type / Values1521Type / Values

1376 1522 

1377`boolean`1523`string (path)`

1378 1524 

1379Details1525Details

1380 1526 

1381Force Codex to send or not send reasoning metadata.1527Working directory for the token command.

1382 1528 

1383Key1529Key

1384 1530 

1385`model_verbosity`1531`model_providers.<id>.auth.refresh_interval_ms`

1386 1532 

1387Type / Values1533Type / Values

1388 1534 

1389`low | medium | high`1535`number`

1390 1536 

1391Details1537Details

1392 1538 

1393Control GPT-5 Responses API verbosity (defaults to `medium`).1539How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1394 1540 

1395Key1541Key

1396 1542 

1397`notice.hide_full_access_warning`1543`model_providers.<id>.auth.timeout_ms`

1398 1544 

1399Type / Values1545Type / Values

1400 1546 

1401`boolean`1547`number`

1402 1548 

1403Details1549Details

1404 1550 

1405Track acknowledgement of the full access warning prompt.1551Maximum token command runtime in milliseconds (default: 5000).

1406 1552 

1407Key1553Key

1408 1554 

1409`notice.hide_gpt-5.1-codex-max_migration_prompt`1555`model_providers.<id>.base_url`

1410 1556 

1411Type / Values1557Type / Values

1412 1558 

1413`boolean`1559`string`

1414 1560 

1415Details1561Details

1416 1562 

1417Track acknowledgement of the gpt-5.1-codex-max migration prompt.1563API base URL for the model provider.

1418 1564 

1419Key1565Key

1420 1566 

1421`notice.hide_gpt5_1_migration_prompt`1567`model_providers.<id>.env_http_headers`

1568 

1569Type / Values

1570 

1571`map<string,string>`

1572 

1573Details

1574 

1575HTTP headers populated from environment variables when present.

1576 

1577Key

1578 

1579`model_providers.<id>.env_key`

1580 

1581Type / Values

1582 

1583`string`

1584 

1585Details

1586 

1587Environment variable supplying the provider API key.

1588 

1589Key

1590 

1591`model_providers.<id>.env_key_instructions`

1592 

1593Type / Values

1594 

1595`string`

1596 

1597Details

1598 

1599Optional setup guidance for the provider API key.

1600 

1601Key

1602 

1603`model_providers.<id>.experimental_bearer_token`

1604 

1605Type / Values

1606 

1607`string`

1608 

1609Details

1610 

1611Direct bearer token for the provider (discouraged; use `env_key`).

1612 

1613Key

1614 

1615`model_providers.<id>.http_headers`

1616 

1617Type / Values

1618 

1619`map<string,string>`

1620 

1621Details

1622 

1623Static HTTP headers added to provider requests.

1624 

1625Key

1626 

1627`model_providers.<id>.name`

1628 

1629Type / Values

1630 

1631`string`

1632 

1633Details

1634 

1635Display name for a custom model provider.

1636 

1637Key

1638 

1639`model_providers.<id>.query_params`

1640 

1641Type / Values

1642 

1643`map<string,string>`

1644 

1645Details

1646 

1647Extra query parameters appended to provider requests.

1648 

1649Key

1650 

1651`model_providers.<id>.request_max_retries`

1652 

1653Type / Values

1654 

1655`number`

1656 

1657Details

1658 

1659Retry count for HTTP requests to the provider (default: 4).

1660 

1661Key

1662 

1663`model_providers.<id>.requires_openai_auth`

1664 

1665Type / Values

1666 

1667`boolean`

1668 

1669Details

1670 

1671The provider uses OpenAI authentication (defaults to false).

1672 

1673Key

1674 

1675`model_providers.<id>.stream_idle_timeout_ms`

1676 

1677Type / Values

1678 

1679`number`

1680 

1681Details

1682 

1683Idle timeout for SSE streams in milliseconds (default: 300000).

1684 

1685Key

1686 

1687`model_providers.<id>.stream_max_retries`

1688 

1689Type / Values

1690 

1691`number`

1692 

1693Details

1694 

1695Retry count for SSE streaming interruptions (default: 5).

1696 

1697Key

1698 

1699`model_providers.<id>.supports_websockets`

1700 

1701Type / Values

1702 

1703`boolean`

1704 

1705Details

1706 

1707Whether that provider supports the Responses API WebSocket transport.

1708 

1709Key

1710 

1711`model_providers.<id>.wire_api`

1712 

1713Type / Values

1714 

1715`responses`

1716 

1717Details

1718 

1719Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1720 

1721Key

1722 

1723`model_providers.amazon-bedrock.aws.profile`

1724 

1725Type / Values

1726 

1727`string`

1728 

1729Details

1730 

1731AWS profile name used by the built-in `amazon-bedrock` provider.

1732 

1733Key

1734 

1735`model_providers.amazon-bedrock.aws.region`

1736 

1737Type / Values

1738 

1739`string`

1740 

1741Details

1742 

1743AWS region used by the built-in `amazon-bedrock` provider.

1744 

1745Key

1746 

1747`model_reasoning_effort`

1748 

1749Type / Values

1750 

1751`minimal | low | medium | high | xhigh`

1752 

1753Details

1754 

1755Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

1756 

1757Key

1758 

1759`model_reasoning_summary`

1760 

1761Type / Values

1762 

1763`auto | concise | detailed | none`

1764 

1765Details

1766 

1767Select reasoning summary detail or disable summaries entirely.

1768 

1769Key

1770 

1771`model_supports_reasoning_summaries`

1772 

1773Type / Values

1774 

1775`boolean`

1776 

1777Details

1778 

1779Force Codex to send or not send reasoning metadata.

1780 

1781Key

1782 

1783`model_verbosity`

1784 

1785Type / Values

1786 

1787`low | medium | high`

1788 

1789Details

1790 

1791Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1792 

1793Key

1794 

1795`notice.hide_full_access_warning`

1796 

1797Type / Values

1798 

1799`boolean`

1800 

1801Details

1802 

1803Track acknowledgement of the full access warning prompt.

1804 

1805Key

1806 

1807`notice.hide_gpt-5.1-codex-max_migration_prompt`

1808 

1809Type / Values

1810 

1811`boolean`

1812 

1813Details

1814 

1815Track acknowledgement of the gpt-5.1-codex-max migration prompt.

1816 

1817Key

1818 

1819`notice.hide_gpt5_1_migration_prompt`

1422 1820 

1423Type / Values1821Type / Values

1424 1822 

1478 1876 

1479Key1877Key

1480 1878 

1879`openai_base_url`

1880 

1881Type / Values

1882 

1883`string`

1884 

1885Details

1886 

1887Base URL override for the built-in `openai` model provider.

1888 

1889Key

1890 

1481`oss_provider`1891`oss_provider`

1482 1892 

1483Type / Values1893Type / Values

1598 2008 

1599Key2009Key

1600 2010 

2011`otel.metrics_exporter`

2012 

2013Type / Values

2014 

2015`none | statsig | otlp-http | otlp-grpc`

2016 

2017Details

2018 

2019Select the OpenTelemetry metrics exporter (defaults to `statsig`).

2020 

2021Key

2022 

1601`otel.trace_exporter`2023`otel.trace_exporter`

1602 2024 

1603Type / Values2025Type / Values

1682 2104 

1683Key2105Key

1684 2106 

2107`permissions.<name>.filesystem`

2108 

2109Type / Values

2110 

2111`table`

2112 

2113Details

2114 

2115Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

2116 

2117Key

2118 

2119`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

2120 

2121Type / Values

2122 

2123`"read" | "write" | "none"`

2124 

2125Details

2126 

2127Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

2128 

2129Key

2130 

2131`permissions.<name>.filesystem.<path-or-glob>`

2132 

2133Type / Values

2134 

2135`"read" | "write" | "none" | table`

2136 

2137Details

2138 

2139Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

2140 

2141Key

2142 

2143`permissions.<name>.filesystem.glob_scan_max_depth`

2144 

2145Type / Values

2146 

2147`number`

2148 

2149Details

2150 

2151Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

2152 

2153Key

2154 

2155`permissions.<name>.network.allow_local_binding`

2156 

2157Type / Values

2158 

2159`boolean`

2160 

2161Details

2162 

2163Permit local bind/listen operations through the managed proxy.

2164 

2165Key

2166 

2167`permissions.<name>.network.allow_upstream_proxy`

2168 

2169Type / Values

2170 

2171`boolean`

2172 

2173Details

2174 

2175Allow the managed proxy to chain to another upstream proxy.

2176 

2177Key

2178 

2179`permissions.<name>.network.dangerously_allow_all_unix_sockets`

2180 

2181Type / Values

2182 

2183`boolean`

2184 

2185Details

2186 

2187Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

2188 

2189Key

2190 

2191`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

2192 

2193Type / Values

2194 

2195`boolean`

2196 

2197Details

2198 

2199Permit non-loopback bind addresses for the managed proxy listener.

2200 

2201Key

2202 

2203`permissions.<name>.network.domains`

2204 

2205Type / Values

2206 

2207`map<string, allow | deny>`

2208 

2209Details

2210 

2211Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

2212 

2213Key

2214 

2215`permissions.<name>.network.enable_socks5`

2216 

2217Type / Values

2218 

2219`boolean`

2220 

2221Details

2222 

2223Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

2224 

2225Key

2226 

2227`permissions.<name>.network.enable_socks5_udp`

2228 

2229Type / Values

2230 

2231`boolean`

2232 

2233Details

2234 

2235Allow UDP over the SOCKS5 listener when enabled.

2236 

2237Key

2238 

2239`permissions.<name>.network.enabled`

2240 

2241Type / Values

2242 

2243`boolean`

2244 

2245Details

2246 

2247Enable network access for this named permissions profile.

2248 

2249Key

2250 

2251`permissions.<name>.network.mode`

2252 

2253Type / Values

2254 

2255`limited | full`

2256 

2257Details

2258 

2259Network proxy mode used for subprocess traffic.

2260 

2261Key

2262 

2263`permissions.<name>.network.proxy_url`

2264 

2265Type / Values

2266 

2267`string`

2268 

2269Details

2270 

2271HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

2272 

2273Key

2274 

2275`permissions.<name>.network.socks_url`

2276 

2277Type / Values

2278 

2279`string`

2280 

2281Details

2282 

2283SOCKS5 proxy endpoint used by this permissions profile.

2284 

2285Key

2286 

2287`permissions.<name>.network.unix_sockets`

2288 

2289Type / Values

2290 

2291`map<string, allow | none>`

2292 

2293Details

2294 

2295Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

2296 

2297Key

2298 

1685`personality`2299`personality`

1686 2300 

1687Type / Values2301Type / Values

1694 2308 

1695Key2309Key

1696 2310 

2311`plan_mode_reasoning_effort`

2312 

2313Type / Values

2314 

2315`none | minimal | low | medium | high | xhigh`

2316 

2317Details

2318 

2319Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

2320 

2321Key

2322 

1697`profile`2323`profile`

1698 2324 

1699Type / Values2325Type / Values

1718 2344 

1719Key2345Key

1720 2346 

1721`profiles.<name>.experimental_use_freeform_apply_patch`2347`profiles.<name>.analytics.enabled`

1722 2348 

1723Type / Values2349Type / Values

1724 2350 

1726 2352 

1727Details2353Details

1728 2354 

1729Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2355Profile-scoped analytics enablement override.

1730 2356 

1731Key2357Key

1732 2358 

1742 2368 

1743Key2369Key

1744 2370 

1745`profiles.<name>.include_apply_patch_tool`2371`profiles.<name>.model_catalog_json`

1746 2372 

1747Type / Values2373Type / Values

1748 2374 

1749`boolean`2375`string (path)`

1750 2376 

1751Details2377Details

1752 2378 

1753Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2379Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

1754 2380 

1755Key2381Key

1756 2382 

1757`profiles.<name>.model_catalog_json`2383`profiles.<name>.model_instructions_file`

1758 2384 

1759Type / Values2385Type / Values

1760 2386 

1762 2388 

1763Details2389Details

1764 2390 

1765Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).2391Profile-scoped replacement for the built-in instruction file.

1766 2392 

1767Key2393Key

1768 2394 

1774 2400 

1775Details2401Details

1776 2402 

1777Profile-scoped OSS provider for `--oss` sessions.2403Profile-scoped OSS provider for `--oss` sessions.

2404 

2405Key

2406 

2407`profiles.<name>.personality`

2408 

2409Type / Values

2410 

2411`none | friendly | pragmatic`

2412 

2413Details

2414 

2415Profile-scoped communication style override for supported models.

2416 

2417Key

2418 

2419`profiles.<name>.plan_mode_reasoning_effort`

2420 

2421Type / Values

2422 

2423`none | minimal | low | medium | high | xhigh`

2424 

2425Details

2426 

2427Profile-scoped Plan-mode reasoning override.

2428 

2429Key

2430 

2431`profiles.<name>.service_tier`

2432 

2433Type / Values

2434 

2435`flex | fast`

2436 

2437Details

2438 

2439Profile-scoped service tier preference for new turns.

2440 

2441Key

2442 

2443`profiles.<name>.tools_view_image`

2444 

2445Type / Values

2446 

2447`boolean`

2448 

2449Details

2450 

2451Enable or disable the `view_image` tool in that profile.

1778 2452 

1779Key2453Key

1780 2454 

1781`profiles.<name>.personality`2455`profiles.<name>.web_search`

1782 2456 

1783Type / Values2457Type / Values

1784 2458 

1785`none | friendly | pragmatic`2459`disabled | cached | live`

1786 2460 

1787Details2461Details

1788 2462 

1789Profile-scoped communication style override for supported models.2463Profile-scoped web search mode override (default: `"cached"`).

1790 2464 

1791Key2465Key

1792 2466 

1793`profiles.<name>.web_search`2467`profiles.<name>.windows.sandbox`

1794 2468 

1795Type / Values2469Type / Values

1796 2470 

1797`disabled | cached | live`2471`unelevated | elevated`

1798 2472 

1799Details2473Details

1800 2474 

1801Profile-scoped web search mode override (default: `"cached"`).2475Profile-scoped Windows sandbox mode override.

1802 2476 

1803Key2477Key

1804 2478 

1846 2520 

1847Details2521Details

1848 2522 

1849Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.2523Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

1850 2524 

1851Key2525Key

1852 2526 

1922 2596 

1923Key2597Key

1924 2598 

2599`service_tier`

2600 

2601Type / Values

2602 

2603`flex | fast`

2604 

2605Details

2606 

2607Preferred service tier for new turns.

2608 

2609Key

2610 

1925`shell_environment_policy.exclude`2611`shell_environment_policy.exclude`

1926 2612 

1927Type / Values2613Type / Values

2078 2764 

2079Key2765Key

2080 2766 

2081`tools.web_search`2767`tool_suggest.disabled_tools`

2768 

2769Type / Values

2770 

2771`array<table>`

2772 

2773Details

2774 

2775Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2776 

2777Key

2778 

2779`tool_suggest.discoverables`

2780 

2781Type / Values

2782 

2783`array<table>`

2784 

2785Details

2786 

2787Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2788 

2789Key

2790 

2791`tools.view_image`

2082 2792 

2083Type / Values2793Type / Values

2084 2794 

2086 2796 

2087Details2797Details

2088 2798 

2089Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2799Enable the local-image attachment tool `view_image`.

2800 

2801Key

2802 

2803`tools.web_search`

2804 

2805Type / Values

2806 

2807`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2808 

2809Details

2810 

2811Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

2090 2812 

2091Key2813Key

2092 2814 

2126 2848 

2127Key2849Key

2128 2850 

2851`tui.keymap.<context>.<action>`

2852 

2853Type / Values

2854 

2855`string | array<string>`

2856 

2857Details

2858 

2859Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.

2860 

2861Key

2862 

2863`tui.keymap.<context>.<action> = []`

2864 

2865Type / Values

2866 

2867`empty array`

2868 

2869Details

2870 

2871Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.

2872 

2873Key

2874 

2875`tui.model_availability_nux.<model>`

2876 

2877Type / Values

2878 

2879`integer`

2880 

2881Details

2882 

2883Internal startup-tooltip state keyed by model slug.

2884 

2885Key

2886 

2887`tui.notification_condition`

2888 

2889Type / Values

2890 

2891`unfocused | always`

2892 

2893Details

2894 

2895Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2896 

2897Key

2898 

2129`tui.notification_method`2899`tui.notification_method`

2130 2900 

2131Type / Values2901Type / Values

2134 2904 

2135Details2905Details

2136 2906 

2137Notification method for unfocused terminal notifications (default: auto).2907Notification method for terminal notifications (default: auto).

2138 2908 

2139Key2909Key

2140 2910 

2174 2944 

2175Key2945Key

2176 2946 

2947`tui.terminal_title`

2948 

2949Type / Values

2950 

2951`array<string> | null`

2952 

2953Details

2954 

2955Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2956 

2957Key

2958 

2959`tui.theme`

2960 

2961Type / Values

2962 

2963`string`

2964 

2965Details

2966 

2967Syntax-highlighting theme override (kebab-case theme name).

2968 

2969Key

2970 

2177`web_search`2971`web_search`

2178 2972 

2179Type / Values2973Type / Values

2208 3002 

2209Windows-only native sandbox mode when running Codex natively on Windows.3003Windows-only native sandbox mode when running Codex natively on Windows.

2210 3004 

3005Key

3006 

3007`windows.sandbox_private_desktop`

3008 

3009Type / Values

3010 

3011`boolean`

3012 

3013Details

3014 

3015Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

3016 

2211Expand to view all3017Expand to view all

2212 3018 

2213You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).3019You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

2232 3038 

2233| Key | Type / Values | Details |3039| Key | Type / Values | Details |

2234| --- | --- | --- |3040| --- | --- | --- |

2235| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). |3041| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

3042| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

2236| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |3043| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

2237| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |3044| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2238| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |3045| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

2239| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |3046| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

3047| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3048| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

3049| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

3050| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

3051| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

3052| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

3053| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

3054| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

3055| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

2240| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |3056| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2241| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |3057| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2242| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |3058| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2243| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |3059| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

3060| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

3061| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

3062| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

3063| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

2244| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |3064| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2245| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |3065| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2246| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |3066| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2259 3079 

2260Details3080Details

2261 3081 

2262Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).3082Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

3083 

3084Key

3085 

3086`allowed_approvals_reviewers`

3087 

3088Type / Values

3089 

3090`array<string>`

3091 

3092Details

3093 

3094Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2263 3095 

2264Key3096Key

2265 3097 

2311 3143 

2312Key3144Key

2313 3145 

3146`features.browser_use`

3147 

3148Type / Values

3149 

3150`boolean`

3151 

3152Details

3153 

3154Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3155 

3156Key

3157 

3158`features.computer_use`

3159 

3160Type / Values

3161 

3162`boolean`

3163 

3164Details

3165 

3166Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3167 

3168Key

3169 

3170`features.in_app_browser`

3171 

3172Type / Values

3173 

3174`boolean`

3175 

3176Details

3177 

3178Set to `false` in `requirements.toml` to disable the in-app browser pane.

3179 

3180Key

3181 

3182`guardian_policy_config`

3183 

3184Type / Values

3185 

3186`string`

3187 

3188Details

3189 

3190Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3191 

3192Key

3193 

3194`hooks`

3195 

3196Type / Values

3197 

3198`table`

3199 

3200Details

3201 

3202Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

3203 

3204Key

3205 

3206`hooks.<Event>`

3207 

3208Type / Values

3209 

3210`array<table>`

3211 

3212Details

3213 

3214Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

3215 

3216Key

3217 

3218`hooks.<Event>[].hooks`

3219 

3220Type / Values

3221 

3222`array<table>`

3223 

3224Details

3225 

3226Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

3227 

3228Key

3229 

3230`hooks.managed_dir`

3231 

3232Type / Values

3233 

3234`string (absolute path)`

3235 

3236Details

3237 

3238Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

3239 

3240Key

3241 

3242`hooks.windows_managed_dir`

3243 

3244Type / Values

3245 

3246`string (absolute path)`

3247 

3248Details

3249 

3250Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

3251 

3252Key

3253 

2314`mcp_servers`3254`mcp_servers`

2315 3255 

2316Type / Values3256Type / Values

2359 3299 

2360Key3300Key

2361 3301 

3302`permissions.filesystem.deny_read`

3303 

3304Type / Values

3305 

3306`array<string>`

3307 

3308Details

3309 

3310Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3311 

3312Key

3313 

3314`remote_sandbox_config`

3315 

3316Type / Values

3317 

3318`array<table>`

3319 

3320Details

3321 

3322Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3323 

3324Key

3325 

3326`remote_sandbox_config[].allowed_sandbox_modes`

3327 

3328Type / Values

3329 

3330`array<string>`

3331 

3332Details

3333 

3334Allowed sandbox modes to apply when this host-specific entry matches.

3335 

3336Key

3337 

3338`remote_sandbox_config[].hostname_patterns`

3339 

3340Type / Values

3341 

3342`array<string>`

3343 

3344Details

3345 

3346Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3347 

3348Key

3349 

2362`rules`3350`rules`

2363 3351 

2364Type / Values3352Type / Values