SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-03-07 18:10 UTC → 2026-04-24 18:20 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
7 Mar 2026, 18:10
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
24 Apr 2026, 18:20
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Thu 2 18:23 Tue 7 00:40 Wed 8 00:40 Wed 8 18:32 Thu 9 00:33 Fri 10 18:23 Sun 12 06:38 Mon 13 00:44 Mon 13 18:37 Tue 14 12:29 Tue 14 18:31 Wed 15 06:44 Wed 15 18:31 Thu 16 00:46 Thu 16 18:31 Fri 17 00:44 Sat 18 18:18 Mon 20 06:53 Mon 20 18:26 Tue 21 06:45 Tue 21 12:30 Tue 21 18:29 Wed 22 00:42 Wed 22 18:29 Thu 23 00:46 Thu 23 12:28 Thu 23 18:31 Fri 24 12:28 Fri 24 18:20 Sat 25 00:42 Sat 25 06:37 Wed 29 00:50 Wed 29 12:40 Thu 30 18:36

config-reference.md +1022 −268

Details

12| --- | --- | --- |12| --- | --- | --- |

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

15| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

16| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

17| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

18| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

19| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

20| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

21| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

22| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

23| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

24| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

25| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

30| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

31| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

32| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

33| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

34| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

35| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

36| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

37| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |

38| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

39| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

40| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

41| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

42| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

43| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

44| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

45| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` (under development; off by default). |

46| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

47| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

48| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

49| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

50| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

51| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

52| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

53| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

54| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

55| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

56| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

57| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

58| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

59| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

60| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

61| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

66| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

67| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

68| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

69| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

70| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |73| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

71| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |74| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

72| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |75| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

81| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |84| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

82| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |85| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

83| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |86| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

84| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |87| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

88| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

85| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |89| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

90| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

86| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |91| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

92| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

87| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |93| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

88| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |94| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

89| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |95| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

90| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |96| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

91| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |97| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

98| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

99| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

100| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

101| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

102| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

103| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

104| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

105| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

106| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

107| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

92| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |108| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

93| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |109| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

94| `model_context_window` | `number` | Context window tokens available to the active model. |110| `model_context_window` | `number` | Context window tokens available to the active model. |

95| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |111| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

96| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |112| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

113| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

114| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

115| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

116| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

117| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

118| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

119| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

97| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |120| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

98| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |121| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

99| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |122| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

106| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |129| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

107| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |130| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

108| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |131| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

109| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |132| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

133| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

110| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |134| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

111| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |135| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

112| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |136| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

113| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |137| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

114| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |138| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

115| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |139| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

116| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |140| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

118| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |142| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

119| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |143| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

120| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |144| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

145| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

121| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |146| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

122| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |147| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

123| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |148| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

128| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |153| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

129| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |154| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

130| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |155| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

156| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

131| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |157| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

132| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |158| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

133| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |159| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

135| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |161| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

136| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |162| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

137| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |163| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

164| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

165| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

166| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

167| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

168| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

169| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

170| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

171| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

172| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

173| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

174| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

175| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

176| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

177| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

178| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

179| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

138| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |180| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

181| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

139| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |182| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

140| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |183| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

141| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |184| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

142| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |185| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

143| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

144| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |186| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

187| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

145| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |188| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

146| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |189| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

190| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

191| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

192| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

147| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |193| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

194| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

148| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |195| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

149| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |196| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

150| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |197| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

151| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |198| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

152| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |199| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

153| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |200| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

154| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |201| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

155| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |202| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

156| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |203| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

157| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |204| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

205| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

158| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |206| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

159| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |207| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

160| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |208| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

168| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |216| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

169| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |217| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

170| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |218| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

171| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |219| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

220| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

221| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

172| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |222| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

173| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |223| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

174| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |224| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

175| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |225| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

226| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

227| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

176| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |228| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

177| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |229| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

178| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |230| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

231| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

232| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

179| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |233| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

180| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |234| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

181| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |235| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

236| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

182 237 

183Key238Key

184 239 

206 261 

207Key262Key

208 263 

264`agents.<name>.nickname_candidates`

265 

266Type / Values

267 

268`array<string>`

269 

270Details

271 

272Optional pool of display nicknames for spawned agents in that role.

273 

274Key

275 

209`agents.job_max_runtime_seconds`276`agents.job_max_runtime_seconds`

210 277 

211Type / Values278Type / Values

238 305 

239Details306Details

240 307 

241Maximum number of agent threads that can be open concurrently.308Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

242 309 

243Key310Key

244 311 

254 321 

255Key322Key

256 323 

324`analytics.enabled`

325 

326Type / Values

327 

328`boolean`

329 

330Details

331 

332Enable or disable analytics for this machine/profile. When unset, the client default applies.

333 

334Key

335 

257`approval_policy`336`approval_policy`

258 337 

259Type / Values338Type / Values

260 339 

261`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`340`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

341 

342Details

343 

344Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

345 

346Key

347 

348`approval_policy.granular.mcp_elicitations`

349 

350Type / Values

351 

352`boolean`

353 

354Details

355 

356When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

357 

358Key

359 

360`approval_policy.granular.request_permissions`

361 

362Type / Values

363 

364`boolean`

262 365 

263Details366Details

264 367 

265Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.368When `true`, prompts from the `request_permissions` tool are allowed to surface.

266 369 

267Key370Key

268 371 

269`approval_policy.reject.mcp_elicitations`372`approval_policy.granular.rules`

270 373 

271Type / Values374Type / Values

272 375 

274 377 

275Details378Details

276 379 

277When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.380When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

278 381 

279Key382Key

280 383 

281`approval_policy.reject.rules`384`approval_policy.granular.sandbox_approval`

282 385 

283Type / Values386Type / Values

284 387 

286 389 

287Details390Details

288 391 

289When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.392When `true`, sandbox escalation approval prompts are allowed to surface.

290 393 

291Key394Key

292 395 

293`approval_policy.reject.sandbox_approval`396`approval_policy.granular.skill_approval`

294 397 

295Type / Values398Type / Values

296 399 

298 401 

299Details402Details

300 403 

301When `true`, sandbox escalation approval prompts are auto-rejected.404When `true`, skill-script approval prompts are allowed to surface.

405 

406Key

407 

408`approvals_reviewer`

409 

410Type / Values

411 

412`user | auto_review`

413 

414Details

415 

416Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

302 417 

303Key418Key

304 419 

422 537 

423Key538Key

424 539 

540`auto_review.policy`

541 

542Type / Values

543 

544`string`

545 

546Details

547 

548Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

549 

550Key

551 

425`background_terminal_max_timeout`552`background_terminal_max_timeout`

426 553 

427Type / Values554Type / Values

470 597 

471Key598Key

472 599 

473`compact_prompt`600`commit_attribution`

474 601 

475Type / Values602Type / Values

476 603 

478 605 

479Details606Details

480 607 

481Inline override for the history compaction prompt.608Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

482 609 

483Key610Key

484 611 

485`developer_instructions`612`compact_prompt`

486 613 

487Type / Values614Type / Values

488 615 

490 617 

491Details618Details

492 619 

493Additional developer instructions injected into the session (optional).620Inline override for the history compaction prompt.

494 621 

495Key622Key

496 623 

497`disable_paste_burst`624`default_permissions`

498 625 

499Type / Values626Type / Values

500 627 

501`boolean`628`string`

502 629 

503Details630Details

504 631 

505Disable burst-paste detection in the TUI.632Name of the default permissions profile to apply to sandboxed tool calls.

506 633 

507Key634Key

508 635 

509`experimental_compact_prompt_file`636`developer_instructions`

510 637 

511Type / Values638Type / Values

512 639 

513`string (path)`640`string`

514 641 

515Details642Details

516 643 

517Load the compaction prompt override from a file (experimental).644Additional developer instructions injected into the session (optional).

518 645 

519Key646Key

520 647 

521`experimental_use_freeform_apply_patch`648`disable_paste_burst`

522 649 

523Type / Values650Type / Values

524 651 

526 653 

527Details654Details

528 655 

529Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.656Disable burst-paste detection in the TUI.

530 657 

531Key658Key

532 659 

533`experimental_use_unified_exec_tool`660`experimental_compact_prompt_file`

534 661 

535Type / Values662Type / Values

536 663 

537`boolean`664`string (path)`

538 665 

539Details666Details

540 667 

541Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.668Load the compaction prompt override from a file (experimental).

542 669 

543Key670Key

544 671 

545`features.apply_patch_freeform`672`experimental_use_unified_exec_tool`

546 673 

547Type / Values674Type / Values

548 675 

550 677 

551Details678Details

552 679 

553Expose the freeform `apply_patch` tool (experimental).680Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

554 681 

555Key682Key

556 683 

566 693 

567Key694Key

568 695 

569`features.apps_mcp_gateway`696`features.codex_hooks`

570 

571Type / Values

572 

573`boolean`

574 

575Details

576 

577Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).

578 

579Key

580 

581`features.child_agents_md`

582 697 

583Type / Values698Type / Values

584 699 

586 701 

587Details702Details

588 703 

589Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).704Enable lifecycle hooks loaded from `hooks.json` (under development; off by default).

590 705 

591Key706Key

592 707 

593`features.collaboration_modes`708`features.enable_request_compression`

594 709 

595Type / Values710Type / Values

596 711 

598 713 

599Details714Details

600 715 

601Enable collaboration modes such as plan mode (stable; on by default).716Compress streaming request bodies with zstd when supported (stable; on by default).

602 717 

603Key718Key

604 719 

605`features.multi_agent`720`features.fast_mode`

606 721 

607Type / Values722Type / Values

608 723 

610 725 

611Details726Details

612 727 

613Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default).728Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

614 729 

615Key730Key

616 731 

617`features.personality`732`features.memories`

618 733 

619Type / Values734Type / Values

620 735 

622 737 

623Details738Details

624 739 

625Enable personality selection controls (stable; on by default).740Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

626 741 

627Key742Key

628 743 

629`features.powershell_utf8`744`features.multi_agent`

630 745 

631Type / Values746Type / Values

632 747 

634 749 

635Details750Details

636 751 

637Force PowerShell UTF-8 output (defaults to true).752Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

638 753 

639Key754Key

640 755 

641`features.remote_models`756`features.personality`

642 757 

643Type / Values758Type / Values

644 759 

646 761 

647Details762Details

648 763 

649Refresh remote model list before showing readiness (experimental).764Enable personality selection controls (stable; on by default).

650 765 

651Key766Key

652 767 

653`features.request_rule`768`features.prevent_idle_sleep`

654 769 

655Type / Values770Type / Values

656 771 

658 773 

659Details774Details

660 775 

661Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).776Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

662 777 

663Key778Key

664 779 

665`features.runtime_metrics`780`features.shell_snapshot`

666 781 

667Type / Values782Type / Values

668 783 

670 785 

671Details786Details

672 787 

673Show runtime metrics summary in TUI turn separators (experimental).788Snapshot shell environment to speed up repeated commands (stable; on by default).

674 789 

675Key790Key

676 791 

677`features.search_tool`792`features.shell_tool`

678 793 

679Type / Values794Type / Values

680 795 

682 797 

683Details798Details

684 799 

685Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).800Enable the default `shell` tool for running commands (stable; on by default).

686 801 

687Key802Key

688 803 

689`features.shell_snapshot`804`features.skill_mcp_dependency_install`

690 805 

691Type / Values806Type / Values

692 807 

694 809 

695Details810Details

696 811 

697Snapshot shell environment to speed up repeated commands (beta).812Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

698 813 

699Key814Key

700 815 

701`features.shell_tool`816`features.undo`

702 817 

703Type / Values818Type / Values

704 819 

706 821 

707Details822Details

708 823 

709Enable the default `shell` tool for running commands (stable; on by default).824Enable undo support (stable; off by default).

710 825 

711Key826Key

712 827 

718 833 

719Details834Details

720 835 

721Use the unified PTY-backed exec tool (beta).836Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

722 

723Key

724 

725`features.use_linux_sandbox_bwrap`

726 

727Type / Values

728 

729`boolean`

730 

731Details

732 

733Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).

734 837 

735Key838Key

736 839 

854 957 

855Key958Key

856 959 

857`include_apply_patch_tool`

858 

859Type / Values

860 

861`boolean`

862 

863Details

864 

865Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.

866 

867Key

868 

869`instructions`960`instructions`

870 961 

871Type / Values962Type / Values

1038 1129 

1039Type / Values1130Type / Values

1040 1131 

1041`array<string>`1132`array<string | { name = string, source = "local" | "remote" }>`

1042 1133 

1043Details1134Details

1044 1135 

1045Additional environment variables to whitelist for an MCP stdio server.1136Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1137 

1138Key

1139 

1140`mcp_servers.<id>.experimental_environment`

1141 

1142Type / Values

1143 

1144`local | remote`

1145 

1146Details

1147 

1148Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1046 1149 

1047Key1150Key

1048 1151 

1058 1161 

1059Key1162Key

1060 1163 

1164`mcp_servers.<id>.oauth_resource`

1165 

1166Type / Values

1167 

1168`string`

1169 

1170Details

1171 

1172Optional RFC 8707 OAuth resource parameter to include during MCP login.

1173 

1174Key

1175 

1061`mcp_servers.<id>.required`1176`mcp_servers.<id>.required`

1062 1177 

1063Type / Values1178Type / Values

1070 1185 

1071Key1186Key

1072 1187 

1188`mcp_servers.<id>.scopes`

1189 

1190Type / Values

1191 

1192`array<string>`

1193 

1194Details

1195 

1196OAuth scopes to request when authenticating to that MCP server.

1197 

1198Key

1199 

1073`mcp_servers.<id>.startup_timeout_ms`1200`mcp_servers.<id>.startup_timeout_ms`

1074 1201 

1075Type / Values1202Type / Values

1118 1245 

1119Key1246Key

1120 1247 

1121`model`1248`memories.consolidation_model`

1122 1249 

1123Type / Values1250Type / Values

1124 1251 

1126 1253 

1127Details1254Details

1128 1255 

1129Model to use (e.g., `gpt-5-codex`).1256Optional model override for global memory consolidation.

1130 1257 

1131Key1258Key

1132 1259 

1133`model_auto_compact_token_limit`1260`memories.disable_on_external_context`

1134 1261 

1135Type / Values1262Type / Values

1136 1263 

1137`number`1264`boolean`

1138 1265 

1139Details1266Details

1140 1267 

1141Token threshold that triggers automatic history compaction (unset uses model defaults).1268When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1142 1269 

1143Key1270Key

1144 1271 

1145`model_catalog_json`1272`memories.extract_model`

1146 1273 

1147Type / Values1274Type / Values

1148 1275 

1149`string (path)`1276`string`

1150 1277 

1151Details1278Details

1152 1279 

1153Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.1280Optional model override for per-thread memory extraction.

1154 1281 

1155Key1282Key

1156 1283 

1157`model_context_window`1284`memories.generate_memories`

1158 1285 

1159Type / Values1286Type / Values

1160 1287 

1161`number`1288`boolean`

1162 1289 

1163Details1290Details

1164 1291 

1165Context window tokens available to the active model.1292When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1166 1293 

1167Key1294Key

1168 1295 

1169`model_instructions_file`1296`memories.max_raw_memories_for_consolidation`

1170 1297 

1171Type / Values1298Type / Values

1172 1299 

1173`string (path)`1300`number`

1174 1301 

1175Details1302Details

1176 1303 

1177Replacement for built-in instructions instead of `AGENTS.md`.1304Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1178 1305 

1179Key1306Key

1180 1307 

1181`model_provider`1308`memories.max_rollout_age_days`

1182 1309 

1183Type / Values1310Type / Values

1184 1311 

1185`string`1312`number`

1186 1313 

1187Details1314Details

1188 1315 

1189Provider id from `model_providers` (default: `openai`).1316Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1190 1317 

1191Key1318Key

1192 1319 

1193`model_providers.<id>.base_url`1320`memories.max_rollouts_per_startup`

1194 1321 

1195Type / Values1322Type / Values

1196 1323 

1197`string`1324`number`

1198 1325 

1199Details1326Details

1200 1327 

1201API base URL for the model provider.1328Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1202 1329 

1203Key1330Key

1204 1331 

1205`model_providers.<id>.env_http_headers`1332`memories.max_unused_days`

1206 1333 

1207Type / Values1334Type / Values

1208 1335 

1209`map<string,string>`1336`number`

1210 1337 

1211Details1338Details

1212 1339 

1213HTTP headers populated from environment variables when present.1340Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1214 1341 

1215Key1342Key

1216 1343 

1217`model_providers.<id>.env_key`1344`memories.min_rollout_idle_hours`

1218 1345 

1219Type / Values1346Type / Values

1220 1347 

1221`string`1348`number`

1222 1349 

1223Details1350Details

1224 1351 

1225Environment variable supplying the provider API key.1352Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1226 1353 

1227Key1354Key

1228 1355 

1229`model_providers.<id>.env_key_instructions`1356`memories.use_memories`

1230 1357 

1231Type / Values1358Type / Values

1232 1359 

1233`string`1360`boolean`

1234 1361 

1235Details1362Details

1236 1363 

1237Optional setup guidance for the provider API key.1364When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1238 1365 

1239Key1366Key

1240 1367 

1241`model_providers.<id>.experimental_bearer_token`1368`model`

1242 1369 

1243Type / Values1370Type / Values

1244 1371 

1246 1373 

1247Details1374Details

1248 1375 

1249Direct bearer token for the provider (discouraged; use `env_key`).1376Model to use (e.g., `gpt-5.5`).

1250 1377 

1251Key1378Key

1252 1379 

1253`model_providers.<id>.http_headers`1380`model_auto_compact_token_limit`

1254 1381 

1255Type / Values1382Type / Values

1256 1383 

1257`map<string,string>`1384`number`

1258 1385 

1259Details1386Details

1260 1387 

1261Static HTTP headers added to provider requests.1388Token threshold that triggers automatic history compaction (unset uses model defaults).

1262 1389 

1263Key1390Key

1264 1391 

1265`model_providers.<id>.name`1392`model_catalog_json`

1266 1393 

1267Type / Values1394Type / Values

1268 1395 

1269`string`1396`string (path)`

1270 1397 

1271Details1398Details

1272 1399 

1273Display name for a custom model provider.1400Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1274 1401 

1275Key1402Key

1276 1403 

1277`model_providers.<id>.query_params`1404`model_context_window`

1278 1405 

1279Type / Values1406Type / Values

1280 1407 

1281`map<string,string>`1408`number`

1282 1409 

1283Details1410Details

1284 1411 

1285Extra query parameters appended to provider requests.1412Context window tokens available to the active model.

1286 1413 

1287Key1414Key

1288 1415 

1289`model_providers.<id>.request_max_retries`1416`model_instructions_file`

1290 1417 

1291Type / Values1418Type / Values

1292 1419 

1293`number`1420`string (path)`

1294 1421 

1295Details1422Details

1296 1423 

1297Retry count for HTTP requests to the provider (default: 4).1424Replacement for built-in instructions instead of `AGENTS.md`.

1298 1425 

1299Key1426Key

1300 1427 

1301`model_providers.<id>.requires_openai_auth`1428`model_provider`

1302 1429 

1303Type / Values1430Type / Values

1304 1431 

1305`boolean`1432`string`

1306 1433 

1307Details1434Details

1308 1435 

1309The provider uses OpenAI authentication (defaults to false).1436Provider id from `model_providers` (default: `openai`).

1310 1437 

1311Key1438Key

1312 1439 

1313`model_providers.<id>.stream_idle_timeout_ms`1440`model_providers.<id>`

1314 1441 

1315Type / Values1442Type / Values

1316 1443 

1317`number`1444`table`

1318 1445 

1319Details1446Details

1320 1447 

1321Idle timeout for SSE streams in milliseconds (default: 300000).1448Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1322 1449 

1323Key1450Key

1324 1451 

1325`model_providers.<id>.stream_max_retries`1452`model_providers.<id>.auth`

1326 1453 

1327Type / Values1454Type / Values

1328 1455 

1329`number`1456`table`

1330 1457 

1331Details1458Details

1332 1459 

1333Retry count for SSE streaming interruptions (default: 5).1460Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1334 1461 

1335Key1462Key

1336 1463 

1337`model_providers.<id>.wire_api`1464`model_providers.<id>.auth.args`

1338 1465 

1339Type / Values1466Type / Values

1340 1467 

1341`chat | responses`1468`array<string>`

1342 1469 

1343Details1470Details

1344 1471 

1345Protocol used by the provider (defaults to `chat` if omitted).1472Arguments passed to the token command.

1346 1473 

1347Key1474Key

1348 1475 

1349`model_reasoning_effort`1476`model_providers.<id>.auth.command`

1350 1477 

1351Type / Values1478Type / Values

1352 1479 

1353`minimal | low | medium | high | xhigh`1480`string`

1354 1481 

1355Details1482Details

1356 1483 

1357Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1484Command to run when Codex needs a bearer token. The command must print the token to stdout.

1358 1485 

1359Key1486Key

1360 1487 

1361`model_reasoning_summary`1488`model_providers.<id>.auth.cwd`

1362 1489 

1363Type / Values1490Type / Values

1364 1491 

1365`auto | concise | detailed | none`1492`string (path)`

1366 1493 

1367Details1494Details

1368 1495 

1369Select reasoning summary detail or disable summaries entirely.1496Working directory for the token command.

1370 1497 

1371Key1498Key

1372 1499 

1373`model_supports_reasoning_summaries`1500`model_providers.<id>.auth.refresh_interval_ms`

1374 1501 

1375Type / Values1502Type / Values

1376 1503 

1377`boolean`1504`number`

1378 1505 

1379Details1506Details

1380 1507 

1381Force Codex to send or not send reasoning metadata.1508How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1382 1509 

1383Key1510Key

1384 1511 

1385`model_verbosity`1512`model_providers.<id>.auth.timeout_ms`

1386 1513 

1387Type / Values1514Type / Values

1388 1515 

1389`low | medium | high`1516`number`

1390 1517 

1391Details1518Details

1392 1519 

1393Control GPT-5 Responses API verbosity (defaults to `medium`).1520Maximum token command runtime in milliseconds (default: 5000).

1394 1521 

1395Key1522Key

1396 1523 

1397`notice.hide_full_access_warning`1524`model_providers.<id>.base_url`

1398 1525 

1399Type / Values1526Type / Values

1400 1527 

1401`boolean`1528`string`

1529 

1530Details

1531 

1532API base URL for the model provider.

1533 

1534Key

1535 

1536`model_providers.<id>.env_http_headers`

1537 

1538Type / Values

1539 

1540`map<string,string>`

1541 

1542Details

1543 

1544HTTP headers populated from environment variables when present.

1545 

1546Key

1547 

1548`model_providers.<id>.env_key`

1549 

1550Type / Values

1551 

1552`string`

1553 

1554Details

1555 

1556Environment variable supplying the provider API key.

1557 

1558Key

1559 

1560`model_providers.<id>.env_key_instructions`

1561 

1562Type / Values

1563 

1564`string`

1565 

1566Details

1567 

1568Optional setup guidance for the provider API key.

1569 

1570Key

1571 

1572`model_providers.<id>.experimental_bearer_token`

1573 

1574Type / Values

1575 

1576`string`

1577 

1578Details

1579 

1580Direct bearer token for the provider (discouraged; use `env_key`).

1581 

1582Key

1583 

1584`model_providers.<id>.http_headers`

1585 

1586Type / Values

1587 

1588`map<string,string>`

1589 

1590Details

1591 

1592Static HTTP headers added to provider requests.

1593 

1594Key

1595 

1596`model_providers.<id>.name`

1597 

1598Type / Values

1599 

1600`string`

1601 

1602Details

1603 

1604Display name for a custom model provider.

1605 

1606Key

1607 

1608`model_providers.<id>.query_params`

1609 

1610Type / Values

1611 

1612`map<string,string>`

1613 

1614Details

1615 

1616Extra query parameters appended to provider requests.

1617 

1618Key

1619 

1620`model_providers.<id>.request_max_retries`

1621 

1622Type / Values

1623 

1624`number`

1625 

1626Details

1627 

1628Retry count for HTTP requests to the provider (default: 4).

1629 

1630Key

1631 

1632`model_providers.<id>.requires_openai_auth`

1633 

1634Type / Values

1635 

1636`boolean`

1637 

1638Details

1639 

1640The provider uses OpenAI authentication (defaults to false).

1641 

1642Key

1643 

1644`model_providers.<id>.stream_idle_timeout_ms`

1645 

1646Type / Values

1647 

1648`number`

1649 

1650Details

1651 

1652Idle timeout for SSE streams in milliseconds (default: 300000).

1653 

1654Key

1655 

1656`model_providers.<id>.stream_max_retries`

1657 

1658Type / Values

1659 

1660`number`

1661 

1662Details

1663 

1664Retry count for SSE streaming interruptions (default: 5).

1665 

1666Key

1667 

1668`model_providers.<id>.supports_websockets`

1669 

1670Type / Values

1671 

1672`boolean`

1673 

1674Details

1675 

1676Whether that provider supports the Responses API WebSocket transport.

1677 

1678Key

1679 

1680`model_providers.<id>.wire_api`

1681 

1682Type / Values

1683 

1684`responses`

1685 

1686Details

1687 

1688Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1689 

1690Key

1691 

1692`model_reasoning_effort`

1693 

1694Type / Values

1695 

1696`minimal | low | medium | high | xhigh`

1697 

1698Details

1699 

1700Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

1701 

1702Key

1703 

1704`model_reasoning_summary`

1705 

1706Type / Values

1707 

1708`auto | concise | detailed | none`

1709 

1710Details

1711 

1712Select reasoning summary detail or disable summaries entirely.

1713 

1714Key

1715 

1716`model_supports_reasoning_summaries`

1717 

1718Type / Values

1719 

1720`boolean`

1721 

1722Details

1723 

1724Force Codex to send or not send reasoning metadata.

1725 

1726Key

1727 

1728`model_verbosity`

1729 

1730Type / Values

1731 

1732`low | medium | high`

1733 

1734Details

1735 

1736Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1737 

1738Key

1739 

1740`notice.hide_full_access_warning`

1741 

1742Type / Values

1743 

1744`boolean`

1402 1745 

1403Details1746Details

1404 1747 

1406 1749 

1407Key1750Key

1408 1751 

1409`notice.hide_gpt-5.1-codex-max_migration_prompt`1752`notice.hide_gpt-5.1-codex-max_migration_prompt`

1753 

1754Type / Values

1755 

1756`boolean`

1757 

1758Details

1759 

1760Track acknowledgement of the gpt-5.1-codex-max migration prompt.

1761 

1762Key

1763 

1764`notice.hide_gpt5_1_migration_prompt`

1765 

1766Type / Values

1767 

1768`boolean`

1769 

1770Details

1771 

1772Track acknowledgement of the GPT-5.1 migration prompt.

1773 

1774Key

1775 

1776`notice.hide_rate_limit_model_nudge`

1777 

1778Type / Values

1779 

1780`boolean`

1781 

1782Details

1783 

1784Track opt-out of the rate limit model switch reminder.

1785 

1786Key

1787 

1788`notice.hide_world_writable_warning`

1789 

1790Type / Values

1791 

1792`boolean`

1793 

1794Details

1795 

1796Track acknowledgement of the Windows world-writable directories warning.

1797 

1798Key

1799 

1800`notice.model_migrations`

1801 

1802Type / Values

1803 

1804`map<string,string>`

1805 

1806Details

1807 

1808Track acknowledged model migrations as old->new mappings.

1809 

1810Key

1811 

1812`notify`

1813 

1814Type / Values

1815 

1816`array<string>`

1817 

1818Details

1819 

1820Command invoked for notifications; receives a JSON payload from Codex.

1821 

1822Key

1823 

1824`openai_base_url`

1825 

1826Type / Values

1827 

1828`string`

1829 

1830Details

1831 

1832Base URL override for the built-in `openai` model provider.

1833 

1834Key

1835 

1836`oss_provider`

1837 

1838Type / Values

1839 

1840`lmstudio | ollama`

1841 

1842Details

1843 

1844Default local provider used when running with `--oss` (defaults to prompting if unset).

1845 

1846Key

1847 

1848`otel.environment`

1849 

1850Type / Values

1851 

1852`string`

1853 

1854Details

1855 

1856Environment tag applied to emitted OpenTelemetry events (default: `dev`).

1857 

1858Key

1859 

1860`otel.exporter`

1861 

1862Type / Values

1863 

1864`none | otlp-http | otlp-grpc`

1865 

1866Details

1867 

1868Select the OpenTelemetry exporter and provide any endpoint metadata.

1869 

1870Key

1871 

1872`otel.exporter.<id>.endpoint`

1873 

1874Type / Values

1875 

1876`string`

1877 

1878Details

1879 

1880Exporter endpoint for OTEL logs.

1881 

1882Key

1883 

1884`otel.exporter.<id>.headers`

1885 

1886Type / Values

1887 

1888`map<string,string>`

1889 

1890Details

1891 

1892Static headers included with OTEL exporter requests.

1893 

1894Key

1895 

1896`otel.exporter.<id>.protocol`

1897 

1898Type / Values

1899 

1900`binary | json`

1901 

1902Details

1903 

1904Protocol used by the OTLP/HTTP exporter.

1905 

1906Key

1907 

1908`otel.exporter.<id>.tls.ca-certificate`

1909 

1910Type / Values

1911 

1912`string`

1913 

1914Details

1915 

1916CA certificate path for OTEL exporter TLS.

1917 

1918Key

1919 

1920`otel.exporter.<id>.tls.client-certificate`

1921 

1922Type / Values

1923 

1924`string`

1925 

1926Details

1927 

1928Client certificate path for OTEL exporter TLS.

1929 

1930Key

1931 

1932`otel.exporter.<id>.tls.client-private-key`

1933 

1934Type / Values

1935 

1936`string`

1937 

1938Details

1939 

1940Client private key path for OTEL exporter TLS.

1941 

1942Key

1943 

1944`otel.log_user_prompt`

1945 

1946Type / Values

1947 

1948`boolean`

1949 

1950Details

1951 

1952Opt in to exporting raw user prompts with OpenTelemetry logs.

1953 

1954Key

1955 

1956`otel.metrics_exporter`

1957 

1958Type / Values

1959 

1960`none | statsig | otlp-http | otlp-grpc`

1961 

1962Details

1963 

1964Select the OpenTelemetry metrics exporter (defaults to `statsig`).

1965 

1966Key

1967 

1968`otel.trace_exporter`

1969 

1970Type / Values

1971 

1972`none | otlp-http | otlp-grpc`

1973 

1974Details

1975 

1976Select the OpenTelemetry trace exporter and provide any endpoint metadata.

1977 

1978Key

1979 

1980`otel.trace_exporter.<id>.endpoint`

1410 1981 

1411Type / Values1982Type / Values

1412 1983 

1413`boolean`1984`string`

1414 1985 

1415Details1986Details

1416 1987 

1417Track acknowledgement of the gpt-5.1-codex-max migration prompt.1988Trace exporter endpoint for OTEL logs.

1418 1989 

1419Key1990Key

1420 1991 

1421`notice.hide_gpt5_1_migration_prompt`1992`otel.trace_exporter.<id>.headers`

1422 1993 

1423Type / Values1994Type / Values

1424 1995 

1425`boolean`1996`map<string,string>`

1426 1997 

1427Details1998Details

1428 1999 

1429Track acknowledgement of the GPT-5.1 migration prompt.2000Static headers included with OTEL trace exporter requests.

1430 2001 

1431Key2002Key

1432 2003 

1433`notice.hide_rate_limit_model_nudge`2004`otel.trace_exporter.<id>.protocol`

1434 2005 

1435Type / Values2006Type / Values

1436 2007 

1437`boolean`2008`binary | json`

1438 2009 

1439Details2010Details

1440 2011 

1441Track opt-out of the rate limit model switch reminder.2012Protocol used by the OTLP/HTTP trace exporter.

1442 2013 

1443Key2014Key

1444 2015 

1445`notice.hide_world_writable_warning`2016`otel.trace_exporter.<id>.tls.ca-certificate`

1446 2017 

1447Type / Values2018Type / Values

1448 2019 

1449`boolean`2020`string`

1450 2021 

1451Details2022Details

1452 2023 

1453Track acknowledgement of the Windows world-writable directories warning.2024CA certificate path for OTEL trace exporter TLS.

1454 2025 

1455Key2026Key

1456 2027 

1457`notice.model_migrations`2028`otel.trace_exporter.<id>.tls.client-certificate`

1458 2029 

1459Type / Values2030Type / Values

1460 2031 

1461`map<string,string>`2032`string`

1462 2033 

1463Details2034Details

1464 2035 

1465Track acknowledged model migrations as old->new mappings.2036Client certificate path for OTEL trace exporter TLS.

1466 2037 

1467Key2038Key

1468 2039 

1469`notify`2040`otel.trace_exporter.<id>.tls.client-private-key`

1470 2041 

1471Type / Values2042Type / Values

1472 2043 

1473`array<string>`2044`string`

1474 2045 

1475Details2046Details

1476 2047 

1477Command invoked for notifications; receives a JSON payload from Codex.2048Client private key path for OTEL trace exporter TLS.

1478 2049 

1479Key2050Key

1480 2051 

1481`oss_provider`2052`permissions.<name>.filesystem`

1482 2053 

1483Type / Values2054Type / Values

1484 2055 

1485`lmstudio | ollama`2056`table`

1486 2057 

1487Details2058Details

1488 2059 

1489Default local provider used when running with `--oss` (defaults to prompting if unset).2060Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

1490 2061 

1491Key2062Key

1492 2063 

1493`otel.environment`2064`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

1494 2065 

1495Type / Values2066Type / Values

1496 2067 

1497`string`2068`"read" | "write" | "none"`

1498 2069 

1499Details2070Details

1500 2071 

1501Environment tag applied to emitted OpenTelemetry events (default: `dev`).2072Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

1502 2073 

1503Key2074Key

1504 2075 

1505`otel.exporter`2076`permissions.<name>.filesystem.<path-or-glob>`

1506 2077 

1507Type / Values2078Type / Values

1508 2079 

1509`none | otlp-http | otlp-grpc`2080`"read" | "write" | "none" | table`

1510 2081 

1511Details2082Details

1512 2083 

1513Select the OpenTelemetry exporter and provide any endpoint metadata.2084Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

1514 2085 

1515Key2086Key

1516 2087 

1517`otel.exporter.<id>.endpoint`2088`permissions.<name>.filesystem.glob_scan_max_depth`

1518 2089 

1519Type / Values2090Type / Values

1520 2091 

1521`string`2092`number`

1522 2093 

1523Details2094Details

1524 2095 

1525Exporter endpoint for OTEL logs.2096Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

1526 2097 

1527Key2098Key

1528 2099 

1529`otel.exporter.<id>.headers`2100`permissions.<name>.network.allow_local_binding`

1530 2101 

1531Type / Values2102Type / Values

1532 2103 

1533`map<string,string>`2104`boolean`

1534 2105 

1535Details2106Details

1536 2107 

1537Static headers included with OTEL exporter requests.2108Permit local bind/listen operations through the managed proxy.

1538 2109 

1539Key2110Key

1540 2111 

1541`otel.exporter.<id>.protocol`2112`permissions.<name>.network.allow_upstream_proxy`

1542 2113 

1543Type / Values2114Type / Values

1544 2115 

1545`binary | json`2116`boolean`

1546 2117 

1547Details2118Details

1548 2119 

1549Protocol used by the OTLP/HTTP exporter.2120Allow the managed proxy to chain to another upstream proxy.

1550 2121 

1551Key2122Key

1552 2123 

1553`otel.exporter.<id>.tls.ca-certificate`2124`permissions.<name>.network.dangerously_allow_all_unix_sockets`

1554 2125 

1555Type / Values2126Type / Values

1556 2127 

1557`string`2128`boolean`

1558 2129 

1559Details2130Details

1560 2131 

1561CA certificate path for OTEL exporter TLS.2132Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

1562 2133 

1563Key2134Key

1564 2135 

1565`otel.exporter.<id>.tls.client-certificate`2136`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

1566 2137 

1567Type / Values2138Type / Values

1568 2139 

1569`string`2140`boolean`

1570 2141 

1571Details2142Details

1572 2143 

1573Client certificate path for OTEL exporter TLS.2144Permit non-loopback bind addresses for the managed proxy listener.

1574 2145 

1575Key2146Key

1576 2147 

1577`otel.exporter.<id>.tls.client-private-key`2148`permissions.<name>.network.domains`

1578 2149 

1579Type / Values2150Type / Values

1580 2151 

1581`string`2152`map<string, allow | deny>`

1582 2153 

1583Details2154Details

1584 2155 

1585Client private key path for OTEL exporter TLS.2156Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

1586 2157 

1587Key2158Key

1588 2159 

1589`otel.log_user_prompt`2160`permissions.<name>.network.enable_socks5`

1590 2161 

1591Type / Values2162Type / Values

1592 2163 

1594 2165 

1595Details2166Details

1596 2167 

1597Opt in to exporting raw user prompts with OpenTelemetry logs.2168Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

1598 2169 

1599Key2170Key

1600 2171 

1601`otel.trace_exporter`2172`permissions.<name>.network.enable_socks5_udp`

1602 2173 

1603Type / Values2174Type / Values

1604 2175 

1605`none | otlp-http | otlp-grpc`2176`boolean`

1606 2177 

1607Details2178Details

1608 2179 

1609Select the OpenTelemetry trace exporter and provide any endpoint metadata.2180Allow UDP over the SOCKS5 listener when enabled.

1610 2181 

1611Key2182Key

1612 2183 

1613`otel.trace_exporter.<id>.endpoint`2184`permissions.<name>.network.enabled`

1614 2185 

1615Type / Values2186Type / Values

1616 2187 

1617`string`2188`boolean`

1618 2189 

1619Details2190Details

1620 2191 

1621Trace exporter endpoint for OTEL logs.2192Enable network access for this named permissions profile.

1622 2193 

1623Key2194Key

1624 2195 

1625`otel.trace_exporter.<id>.headers`2196`permissions.<name>.network.mode`

1626 2197 

1627Type / Values2198Type / Values

1628 2199 

1629`map<string,string>`2200`limited | full`

1630 2201 

1631Details2202Details

1632 2203 

1633Static headers included with OTEL trace exporter requests.2204Network proxy mode used for subprocess traffic.

1634 2205 

1635Key2206Key

1636 2207 

1637`otel.trace_exporter.<id>.protocol`2208`permissions.<name>.network.proxy_url`

1638 2209 

1639Type / Values2210Type / Values

1640 2211 

1641`binary | json`2212`string`

1642 2213 

1643Details2214Details

1644 2215 

1645Protocol used by the OTLP/HTTP trace exporter.2216HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

1646 2217 

1647Key2218Key

1648 2219 

1649`otel.trace_exporter.<id>.tls.ca-certificate`2220`permissions.<name>.network.socks_url`

1650 2221 

1651Type / Values2222Type / Values

1652 2223 

1654 2225 

1655Details2226Details

1656 2227 

1657CA certificate path for OTEL trace exporter TLS.2228SOCKS5 proxy endpoint used by this permissions profile.

1658 2229 

1659Key2230Key

1660 2231 

1661`otel.trace_exporter.<id>.tls.client-certificate`2232`permissions.<name>.network.unix_sockets`

1662 2233 

1663Type / Values2234Type / Values

1664 2235 

1665`string`2236`map<string, allow | none>`

1666 2237 

1667Details2238Details

1668 2239 

1669Client certificate path for OTEL trace exporter TLS.2240Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

1670 2241 

1671Key2242Key

1672 2243 

1673`otel.trace_exporter.<id>.tls.client-private-key`2244`personality`

1674 2245 

1675Type / Values2246Type / Values

1676 2247 

1677`string`2248`none | friendly | pragmatic`

1678 2249 

1679Details2250Details

1680 2251 

1681Client private key path for OTEL trace exporter TLS.2252Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

1682 2253 

1683Key2254Key

1684 2255 

1685`personality`2256`plan_mode_reasoning_effort`

1686 2257 

1687Type / Values2258Type / Values

1688 2259 

1689`none | friendly | pragmatic`2260`none | minimal | low | medium | high | xhigh`

1690 2261 

1691Details2262Details

1692 2263 

1693Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.2264Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

1694 2265 

1695Key2266Key

1696 2267 

1718 2289 

1719Key2290Key

1720 2291 

1721`profiles.<name>.experimental_use_freeform_apply_patch`2292`profiles.<name>.analytics.enabled`

1722 2293 

1723Type / Values2294Type / Values

1724 2295 

1726 2297 

1727Details2298Details

1728 2299 

1729Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2300Profile-scoped analytics enablement override.

1730 2301 

1731Key2302Key

1732 2303 

1742 2313 

1743Key2314Key

1744 2315 

1745`profiles.<name>.include_apply_patch_tool`2316`profiles.<name>.model_catalog_json`

1746 2317 

1747Type / Values2318Type / Values

1748 2319 

1749`boolean`2320`string (path)`

1750 2321 

1751Details2322Details

1752 2323 

1753Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2324Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

1754 2325 

1755Key2326Key

1756 2327 

1757`profiles.<name>.model_catalog_json`2328`profiles.<name>.model_instructions_file`

1758 2329 

1759Type / Values2330Type / Values

1760 2331 

1762 2333 

1763Details2334Details

1764 2335 

1765Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).2336Profile-scoped replacement for the built-in instruction file.

1766 2337 

1767Key2338Key

1768 2339 

1790 2361 

1791Key2362Key

1792 2363 

2364`profiles.<name>.plan_mode_reasoning_effort`

2365 

2366Type / Values

2367 

2368`none | minimal | low | medium | high | xhigh`

2369 

2370Details

2371 

2372Profile-scoped Plan-mode reasoning override.

2373 

2374Key

2375 

2376`profiles.<name>.service_tier`

2377 

2378Type / Values

2379 

2380`flex | fast`

2381 

2382Details

2383 

2384Profile-scoped service tier preference for new turns.

2385 

2386Key

2387 

2388`profiles.<name>.tools_view_image`

2389 

2390Type / Values

2391 

2392`boolean`

2393 

2394Details

2395 

2396Enable or disable the `view_image` tool in that profile.

2397 

2398Key

2399 

1793`profiles.<name>.web_search`2400`profiles.<name>.web_search`

1794 2401 

1795Type / Values2402Type / Values

1802 2409 

1803Key2410Key

1804 2411 

2412`profiles.<name>.windows.sandbox`

2413 

2414Type / Values

2415 

2416`unelevated | elevated`

2417 

2418Details

2419 

2420Profile-scoped Windows sandbox mode override.

2421 

2422Key

2423 

1805`project_doc_fallback_filenames`2424`project_doc_fallback_filenames`

1806 2425 

1807Type / Values2426Type / Values

1846 2465 

1847Details2466Details

1848 2467 

1849Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.2468Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

1850 2469 

1851Key2470Key

1852 2471 

1922 2541 

1923Key2542Key

1924 2543 

2544`service_tier`

2545 

2546Type / Values

2547 

2548`flex | fast`

2549 

2550Details

2551 

2552Preferred service tier for new turns.

2553 

2554Key

2555 

1925`shell_environment_policy.exclude`2556`shell_environment_policy.exclude`

1926 2557 

1927Type / Values2558Type / Values

2078 2709 

2079Key2710Key

2080 2711 

2081`tools.web_search`2712`tool_suggest.discoverables`

2713 

2714Type / Values

2715 

2716`array<table>`

2717 

2718Details

2719 

2720Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2721 

2722Key

2723 

2724`tools.view_image`

2082 2725 

2083Type / Values2726Type / Values

2084 2727 

2086 2729 

2087Details2730Details

2088 2731 

2089Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2732Enable the local-image attachment tool `view_image`.

2733 

2734Key

2735 

2736`tools.web_search`

2737 

2738Type / Values

2739 

2740`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2741 

2742Details

2743 

2744Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

2090 2745 

2091Key2746Key

2092 2747 

2126 2781 

2127Key2782Key

2128 2783 

2784`tui.model_availability_nux.<model>`

2785 

2786Type / Values

2787 

2788`integer`

2789 

2790Details

2791 

2792Internal startup-tooltip state keyed by model slug.

2793 

2794Key

2795 

2796`tui.notification_condition`

2797 

2798Type / Values

2799 

2800`unfocused | always`

2801 

2802Details

2803 

2804Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2805 

2806Key

2807 

2129`tui.notification_method`2808`tui.notification_method`

2130 2809 

2131Type / Values2810Type / Values

2134 2813 

2135Details2814Details

2136 2815 

2137Notification method for unfocused terminal notifications (default: auto).2816Notification method for terminal notifications (default: auto).

2138 2817 

2139Key2818Key

2140 2819 

2174 2853 

2175Key2854Key

2176 2855 

2856`tui.terminal_title`

2857 

2858Type / Values

2859 

2860`array<string> | null`

2861 

2862Details

2863 

2864Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2865 

2866Key

2867 

2868`tui.theme`

2869 

2870Type / Values

2871 

2872`string`

2873 

2874Details

2875 

2876Syntax-highlighting theme override (kebab-case theme name).

2877 

2878Key

2879 

2177`web_search`2880`web_search`

2178 2881 

2179Type / Values2882Type / Values

2208 2911 

2209Windows-only native sandbox mode when running Codex natively on Windows.2912Windows-only native sandbox mode when running Codex natively on Windows.

2210 2913 

2914Key

2915 

2916`windows.sandbox_private_desktop`

2917 

2918Type / Values

2919 

2920`boolean`

2921 

2922Details

2923 

2924Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

2925 

2211Expand to view all2926Expand to view all

2212 2927 

2213You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).2928You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

2232 2947 

2233| Key | Type / Values | Details |2948| Key | Type / Values | Details |

2234| --- | --- | --- |2949| --- | --- | --- |

2235| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). |2950| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

2951| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

2236| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |2952| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

2237| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |2953| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2238| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |2954| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

2239| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |2955| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

2956| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

2240| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |2957| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2241| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |2958| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2242| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |2959| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2243| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |2960| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

2961| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

2244| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |2962| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2245| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |2963| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2246| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |2964| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2259 2977 

2260Details2978Details

2261 2979 

2262Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).2980Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

2981 

2982Key

2983 

2984`allowed_approvals_reviewers`

2985 

2986Type / Values

2987 

2988`array<string>`

2989 

2990Details

2991 

2992Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2263 2993 

2264Key2994Key

2265 2995 

2311 3041 

2312Key3042Key

2313 3043 

3044`guardian_policy_config`

3045 

3046Type / Values

3047 

3048`string`

3049 

3050Details

3051 

3052Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3053 

3054Key

3055 

2314`mcp_servers`3056`mcp_servers`

2315 3057 

2316Type / Values3058Type / Values

2359 3101 

2360Key3102Key

2361 3103 

3104`permissions.filesystem.deny_read`

3105 

3106Type / Values

3107 

3108`array<string>`

3109 

3110Details

3111 

3112Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3113 

3114Key

3115 

2362`rules`3116`rules`

2363 3117 

2364Type / Values3118Type / Values