SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-03-13 18:15 UTC → 2026-04-29 12:40 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
13 Mar 2026, 18:15
19 May 2026, 11:58 18 May 2026, 22:01 14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
29 Apr 2026, 12:40
19 May 2026, 11:58 18 May 2026, 22:01 14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Thu 2 18:23 Tue 7 00:40 Wed 8 00:40 Wed 8 18:32 Thu 9 00:33 Fri 10 18:23 Sun 12 06:38 Mon 13 00:44 Mon 13 18:37 Tue 14 12:29 Tue 14 18:31 Wed 15 06:44 Wed 15 18:31 Thu 16 00:46 Thu 16 18:31 Fri 17 00:44 Sat 18 18:18 Mon 20 06:53 Mon 20 18:26 Tue 21 06:45 Tue 21 12:30 Tue 21 18:29 Wed 22 00:42 Wed 22 18:29 Thu 23 00:46 Thu 23 12:28 Thu 23 18:31 Fri 24 12:28 Fri 24 18:20 Sat 25 00:42 Sat 25 06:37 Wed 29 00:50 Wed 29 12:40 Thu 30 18:36

config-reference.md +628 −277

Details

18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

21| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

22| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

23| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

25| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

26| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

27| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

32| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

33| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

34| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

35| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

36| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

37| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

38| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

39| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

40| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |

41| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

42| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

43| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

44| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

45| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

46| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |

47| `features.artifact` | `boolean` | Enable native artifact tools such as slides and spreadsheets (under development). |

48| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |

49| `features.collaboration_modes` | `boolean` | Legacy toggle for collaboration modes. Plan and default modes are available in current builds without setting this key. |

50| `features.default_mode_request_user_input` | `boolean` | Allow `request_user_input` in default collaboration mode (under development; off by default). |

51| `features.elevated_windows_sandbox` | `boolean` | Legacy toggle for an earlier elevated Windows sandbox rollout. Current builds do not use it. |

52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

53| `features.experimental_windows_sandbox` | `boolean` | Legacy toggle for an earlier Windows sandbox rollout. Current builds do not use it. |

54| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

55| `features.image_detail_original` | `boolean` | Allow image outputs with `detail = "original"` on supported models (under development). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

56| `features.image_generation` | `boolean` | Enable the built-in image generation tool (under development). |55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

57| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default). |

58| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

59| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output. Enabled by default on Windows and off elsewhere. |

60| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

61| `features.remote_models` | `boolean` | Legacy toggle for an older remote-model readiness flow. Current builds do not use it. |

62| `features.request_rule` | `boolean` | Legacy toggle for Smart approvals. Current builds include this behavior by default, so most users can leave this unset. |

63| `features.responses_websockets` | `boolean` | Prefer the Responses API WebSocket transport for supported providers (under development). |

64| `features.responses_websockets_v2` | `boolean` | Enable Responses API WebSocket v2 mode (under development). |

65| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

66| `features.search_tool` | `boolean` | Legacy toggle for an older Apps discovery flow. Current builds do not use it. |

67| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

68| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

69| `features.skill_env_var_dependency_prompt` | `boolean` | Prompt for missing skill environment-variable dependencies (under development). |

70| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

71| `features.sqlite` | `boolean` | Enable SQLite-backed state persistence (stable; on by default). |

72| `features.steer` | `boolean` | Legacy toggle from an earlier Enter/Tab steering rollout. Current builds always use the current steering behavior. |

73| `features.undo` | `boolean` | Enable undo support (stable; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

74| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

75| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |

76| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

77| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

78| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

83| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

84| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

85| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

86| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

87| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

88| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

97| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

98| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

99| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

100| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

101| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

102| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

103| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

106| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

107| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

108| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

109| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

112| `model_context_window` | `number` | Context window tokens available to the active model. |112| `model_context_window` | `number` | Context window tokens available to the active model. |

113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

115| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

116| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

117| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

137| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |144| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

138| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |145| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

139| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |146| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

147| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

140| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |148| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

141| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |149| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

142| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |150| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

155| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |163| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

156| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |164| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

157| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |165| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

158| `permissions.network.admin_url` | `string` | Admin endpoint for the managed network proxy. |166| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

159| `permissions.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |167| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

160| `permissions.network.allow_unix_sockets` | `array<string>` | Allowlist of Unix socket paths permitted through the managed proxy. |168| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

161| `permissions.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |169| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

162| `permissions.network.allowed_domains` | `array<string>` | Allowlist of domains permitted through the managed proxy. |170| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

163| `permissions.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |171| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

164| `permissions.network.dangerously_allow_non_loopback_admin` | `boolean` | Permit non-loopback bind addresses for the managed proxy admin listener. |172| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

165| `permissions.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |173| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

166| `permissions.network.denied_domains` | `array<string>` | Denylist of domains blocked by the managed proxy. |174| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

167| `permissions.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener from the managed network proxy. |175| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

168| `permissions.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |176| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

169| `permissions.network.enabled` | `boolean` | Enable the managed network proxy configuration for subprocesses. |177| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

170| `permissions.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |178| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

171| `permissions.network.proxy_url` | `string` | HTTP proxy endpoint used by the managed network proxy. |179| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

172| `permissions.network.socks_url` | `string` | SOCKS5 proxy endpoint used by the managed network proxy. |180| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

181| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

173| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |182| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

174| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |183| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

175| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |184| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

188| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |197| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

189| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |198| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

190| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |199| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

191| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |200| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

192| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |201| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

193| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |202| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

194| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |203| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

195| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |204| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

196| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |205| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

197| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |206| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

198| `service_tier` | `flex | fast` | Preferred service tier for new turns. `fast` is honored only when the `features.fast_mode` gate is enabled. |207| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

199| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |208| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

200| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |209| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

201| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |210| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

209| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |218| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

210| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |219| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

211| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |220| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

221| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

212| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |222| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

213| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |223| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

214| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |224| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

215| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |225| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

216| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |226| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

217| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |227| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

218| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |228| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

229| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

219| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |230| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

220| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |231| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

221| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |232| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

233| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

222| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |234| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

223| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |235| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

224| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |236| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

225| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |237| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

238| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

226 239 

227Key240Key

228 241 

326 339 

327Type / Values340Type / Values

328 341 

329`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`342`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

330 343 

331Details344Details

332 345 

333Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.346Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

334 347 

335Key348Key

336 349 

337`approval_policy.reject.mcp_elicitations`350`approval_policy.granular.mcp_elicitations`

338 351 

339Type / Values352Type / Values

340 353 

342 355 

343Details356Details

344 357 

345When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.358When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

346 359 

347Key360Key

348 361 

349`approval_policy.reject.rules`362`approval_policy.granular.request_permissions`

350 363 

351Type / Values364Type / Values

352 365 

354 367 

355Details368Details

356 369 

357When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.370When `true`, prompts from the `request_permissions` tool are allowed to surface.

358 371 

359Key372Key

360 373 

361`approval_policy.reject.sandbox_approval`374`approval_policy.granular.rules`

362 375 

363Type / Values376Type / Values

364 377 

366 379 

367Details380Details

368 381 

369When `true`, sandbox escalation approval prompts are auto-rejected.382When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

383 

384Key

385 

386`approval_policy.granular.sandbox_approval`

387 

388Type / Values

389 

390`boolean`

391 

392Details

393 

394When `true`, sandbox escalation approval prompts are allowed to surface.

395 

396Key

397 

398`approval_policy.granular.skill_approval`

399 

400Type / Values

401 

402`boolean`

403 

404Details

405 

406When `true`, skill-script approval prompts are allowed to surface.

407 

408Key

409 

410`approvals_reviewer`

411 

412Type / Values

413 

414`user | auto_review`

415 

416Details

417 

418Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

370 419 

371Key420Key

372 421 

490 539 

491Key540Key

492 541 

542`auto_review.policy`

543 

544Type / Values

545 

546`string`

547 

548Details

549 

550Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

551 

552Key

553 

493`background_terminal_max_timeout`554`background_terminal_max_timeout`

494 555 

495Type / Values556Type / Values

562 623 

563Key624Key

564 625 

626`default_permissions`

627 

628Type / Values

629 

630`string`

631 

632Details

633 

634Name of the default permissions profile to apply to sandboxed tool calls.

635 

636Key

637 

565`developer_instructions`638`developer_instructions`

566 639 

567Type / Values640Type / Values

622 695 

623Key696Key

624 697 

625`features.apps_mcp_gateway`698`features.codex_hooks`

626 699 

627Type / Values700Type / Values

628 701 

630 703 

631Details704Details

632 705 

633Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).706Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

634 707 

635Key708Key

636 709 

637`features.artifact`710`features.enable_request_compression`

638 711 

639Type / Values712Type / Values

640 713 

642 715 

643Details716Details

644 717 

645Enable native artifact tools such as slides and spreadsheets (under development).718Compress streaming request bodies with zstd when supported (stable; on by default).

646 719 

647Key720Key

648 721 

649`features.child_agents_md`722`features.fast_mode`

650 723 

651Type / Values724Type / Values

652 725 

654 727 

655Details728Details

656 729 

657Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).730Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

658 731 

659Key732Key

660 733 

661`features.collaboration_modes`734`features.memories`

662 735 

663Type / Values736Type / Values

664 737 

666 739 

667Details740Details

668 741 

669Legacy toggle for collaboration modes. Plan and default modes are available in current builds without setting this key.742Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

670 743 

671Key744Key

672 745 

673`features.default_mode_request_user_input`746`features.multi_agent`

674 747 

675Type / Values748Type / Values

676 749 

678 751 

679Details752Details

680 753 

681Allow `request_user_input` in default collaboration mode (under development; off by default).754Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

682 755 

683Key756Key

684 757 

685`features.elevated_windows_sandbox`758`features.personality`

686 759 

687Type / Values760Type / Values

688 761 

690 763 

691Details764Details

692 765 

693Legacy toggle for an earlier elevated Windows sandbox rollout. Current builds do not use it.766Enable personality selection controls (stable; on by default).

694 767 

695Key768Key

696 769 

697`features.enable_request_compression`770`features.prevent_idle_sleep`

698 771 

699Type / Values772Type / Values

700 773 

702 775 

703Details776Details

704 777 

705Compress streaming request bodies with zstd when supported (stable; on by default).778Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

706 779 

707Key780Key

708 781 

709`features.experimental_windows_sandbox`782`features.shell_snapshot`

710 783 

711Type / Values784Type / Values

712 785 

714 787 

715Details788Details

716 789 

717Legacy toggle for an earlier Windows sandbox rollout. Current builds do not use it.790Snapshot shell environment to speed up repeated commands (stable; on by default).

718 791 

719Key792Key

720 793 

721`features.fast_mode`794`features.shell_tool`

722 795 

723Type / Values796Type / Values

724 797 

726 799 

727Details800Details

728 801 

729Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).802Enable the default `shell` tool for running commands (stable; on by default).

730 803 

731Key804Key

732 805 

733`features.image_detail_original`806`features.skill_mcp_dependency_install`

734 807 

735Type / Values808Type / Values

736 809 

738 811 

739Details812Details

740 813 

741Allow image outputs with `detail = "original"` on supported models (under development).814Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

742 815 

743Key816Key

744 817 

745`features.image_generation`818`features.undo`

746 819 

747Type / Values820Type / Values

748 821 

750 823 

751Details824Details

752 825 

753Enable the built-in image generation tool (under development).826Enable undo support (stable; off by default).

754 827 

755Key828Key

756 829 

757`features.multi_agent`830`features.unified_exec`

758 831 

759Type / Values832Type / Values

760 833 

762 835 

763Details836Details

764 837 

765Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default).838Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

766 839 

767Key840Key

768 841 

769`features.personality`842`features.web_search`

770 843 

771Type / Values844Type / Values

772 845 

774 847 

775Details848Details

776 849 

777Enable personality selection controls (stable; on by default).850Deprecated legacy toggle; prefer the top-level `web_search` setting.

778 851 

779Key852Key

780 853 

781`features.powershell_utf8`854`features.web_search_cached`

782 855 

783Type / Values856Type / Values

784 857 

786 859 

787Details860Details

788 861 

789Force PowerShell UTF-8 output. Enabled by default on Windows and off elsewhere.862Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.

790 863 

791Key864Key

792 865 

793`features.prevent_idle_sleep`866`features.web_search_request`

794 867 

795Type / Values868Type / Values

796 869 

798 871 

799Details872Details

800 873 

801Prevent the machine from sleeping while a turn is actively running (experimental; off by default).874Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.

802 875 

803Key876Key

804 877 

805`features.remote_models`878`feedback.enabled`

806 879 

807Type / Values880Type / Values

808 881 

810 883 

811Details884Details

812 885 

813Legacy toggle for an older remote-model readiness flow. Current builds do not use it.886Enable feedback submission via `/feedback` across Codex surfaces (default: true).

814 887 

815Key888Key

816 889 

817`features.request_rule`890`file_opener`

818 891 

819Type / Values892Type / Values

820 893 

821`boolean`894`vscode | vscode-insiders | windsurf | cursor | none`

822 895 

823Details896Details

824 897 

825Legacy toggle for Smart approvals. Current builds include this behavior by default, so most users can leave this unset.898URI scheme used to open citations from Codex output (default: `vscode`).

826 899 

827Key900Key

828 901 

829`features.responses_websockets`902`forced_chatgpt_workspace_id`

830 903 

831Type / Values904Type / Values

832 905 

833`boolean`906`string (uuid)`

834 907 

835Details908Details

836 909 

837Prefer the Responses API WebSocket transport for supported providers (under development).910Limit ChatGPT logins to a specific workspace identifier.

838 911 

839Key912Key

840 913 

841`features.responses_websockets_v2`914`forced_login_method`

842 915 

843Type / Values916Type / Values

844 917 

845`boolean`918`chatgpt | api`

846 919 

847Details920Details

848 921 

849Enable Responses API WebSocket v2 mode (under development).922Restrict Codex to a specific authentication method.

850 923 

851Key924Key

852 925 

853`features.runtime_metrics`926`hide_agent_reasoning`

854 927 

855Type / Values928Type / Values

856 929 

858 931 

859Details932Details

860 933 

861Show runtime metrics summary in TUI turn separators (experimental).934Suppress reasoning events in both the TUI and `codex exec` output.

862 935 

863Key936Key

864 937 

865`features.search_tool`938`history.max_bytes`

866 939 

867Type / Values940Type / Values

868 941 

869`boolean`942`number`

870 943 

871Details944Details

872 945 

873Legacy toggle for an older Apps discovery flow. Current builds do not use it.946If set, caps the history file size in bytes by dropping oldest entries.

874 947 

875Key948Key

876 949 

877`features.shell_snapshot`950`history.persistence`

878 951 

879Type / Values952Type / Values

880 953 

881`boolean`954`save-all | none`

882 955 

883Details956Details

884 957 

885Snapshot shell environment to speed up repeated commands (stable; on by default).958Control whether Codex saves session transcripts to history.jsonl.

886 959 

887Key960Key

888 961 

889`features.shell_tool`962`hooks`

890 963 

891Type / Values964Type / Values

892 965 

893`boolean`966`table`

894 967 

895Details968Details

896 969 

897Enable the default `shell` tool for running commands (stable; on by default).970Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

898 971 

899Key972Key

900 973 

901`features.skill_env_var_dependency_prompt`974`instructions`

902 975 

903Type / Values976Type / Values

904 977 

905`boolean`978`string`

906 979 

907Details980Details

908 981 

909Prompt for missing skill environment-variable dependencies (under development).982Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.

910 983 

911Key984Key

912 985 

913`features.skill_mcp_dependency_install`986`log_dir`

914 987 

915Type / Values988Type / Values

916 989 

917`boolean`990`string (path)`

918 991 

919Details992Details

920 993 

921Allow prompting and installing missing MCP dependencies for skills (stable; on by default).994Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.

922 995 

923Key996Key

924 997 

925`features.sqlite`998`mcp_oauth_callback_port`

926 999 

927Type / Values1000Type / Values

928 1001 

929`boolean`1002`integer`

930 1003 

931Details1004Details

932 1005 

933Enable SQLite-backed state persistence (stable; on by default).1006Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.

934 1007 

935Key1008Key

936 1009 

937`features.steer`1010`mcp_oauth_callback_url`

938 1011 

939Type / Values1012Type / Values

940 1013 

941`boolean`1014`string`

942 1015 

943Details1016Details

944 1017 

945Legacy toggle from an earlier Enter/Tab steering rollout. Current builds always use the current steering behavior.1018Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.

946 1019 

947Key1020Key

948 1021 

949`features.undo`1022`mcp_oauth_credentials_store`

950 1023 

951Type / Values1024Type / Values

952 1025 

953`boolean`1026`auto | file | keyring`

954 1027 

955Details1028Details

956 1029 

957Enable undo support (stable; off by default).1030Preferred store for MCP OAuth credentials.

958 1031 

959Key1032Key

960 1033 

961`features.unified_exec`1034`mcp_servers.<id>.args`

962 1035 

963Type / Values1036Type / Values

964 1037 

965`boolean`1038`array<string>`

966 1039 

967Details1040Details

968 1041 

969Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).1042Arguments passed to the MCP stdio server command.

970 1043 

971Key1044Key

972 1045 

973`features.use_linux_sandbox_bwrap`1046`mcp_servers.<id>.bearer_token_env_var`

974 1047 

975Type / Values1048Type / Values

976 1049 

977`boolean`1050`string`

978 1051 

979Details1052Details

980 1053 

981Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).1054Environment variable sourcing the bearer token for an MCP HTTP server.

982 1055 

983Key1056Key

984 1057 

985`features.web_search`1058`mcp_servers.<id>.command`

986 1059 

987Type / Values1060Type / Values

988 1061 

989`boolean`1062`string`

990 1063 

991Details1064Details

992 1065 

993Deprecated legacy toggle; prefer the top-level `web_search` setting.1066Launcher command for an MCP stdio server.

994 1067 

995Key1068Key

996 1069 

997`features.web_search_cached`1070`mcp_servers.<id>.cwd`

998 1071 

999Type / Values1072Type / Values

1000 1073 

1001`boolean`1074`string`

1002 1075 

1003Details1076Details

1004 1077 

1005Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.1078Working directory for the MCP stdio server process.

1006 1079 

1007Key1080Key

1008 1081 

1009`features.web_search_request`1082`mcp_servers.<id>.disabled_tools`

1010 1083 

1011Type / Values1084Type / Values

1012 1085 

1013`boolean`1086`array<string>`

1014 1087 

1015Details1088Details

1016 1089 

1017Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.1090Deny list applied after `enabled_tools` for the MCP server.

1018 1091 

1019Key1092Key

1020 1093 

1021`feedback.enabled`1094`mcp_servers.<id>.enabled`

1022 1095 

1023Type / Values1096Type / Values

1024 1097 

1026 1099 

1027Details1100Details

1028 1101 

1029Enable feedback submission via `/feedback` across Codex surfaces (default: true).1102Disable an MCP server without removing its configuration.

1030 1103 

1031Key1104Key

1032 1105 

1033`file_opener`1106`mcp_servers.<id>.enabled_tools`

1034 1107 

1035Type / Values1108Type / Values

1036 1109 

1037`vscode | vscode-insiders | windsurf | cursor | none`1110`array<string>`

1038 1111 

1039Details1112Details

1040 1113 

1041URI scheme used to open citations from Codex output (default: `vscode`).1114Allow list of tool names exposed by the MCP server.

1042 1115 

1043Key1116Key

1044 1117 

1045`forced_chatgpt_workspace_id`1118`mcp_servers.<id>.env`

1046 1119 

1047Type / Values1120Type / Values

1048 1121 

1049`string (uuid)`1122`map<string,string>`

1050 1123 

1051Details1124Details

1052 1125 

1053Limit ChatGPT logins to a specific workspace identifier.1126Environment variables forwarded to the MCP stdio server.

1054 1127 

1055Key1128Key

1056 1129 

1057`forced_login_method`1130`mcp_servers.<id>.env_http_headers`

1058 1131 

1059Type / Values1132Type / Values

1060 1133 

1061`chatgpt | api`1134`map<string,string>`

1062 1135 

1063Details1136Details

1064 1137 

1065Restrict Codex to a specific authentication method.1138HTTP headers populated from environment variables for an MCP HTTP server.

1066 1139 

1067Key1140Key

1068 1141 

1069`hide_agent_reasoning`1142`mcp_servers.<id>.env_vars`

1070 1143 

1071Type / Values1144Type / Values

1072 1145 

1073`boolean`1146`array<string | { name = string, source = "local" | "remote" }>`

1074 1147 

1075Details1148Details

1076 1149 

1077Suppress reasoning events in both the TUI and `codex exec` output.1150Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1078 1151 

1079Key1152Key

1080 1153 

1081`history.max_bytes`1154`mcp_servers.<id>.experimental_environment`

1082 1155 

1083Type / Values1156Type / Values

1084 1157 

1085`number`1158`local | remote`

1086 1159 

1087Details1160Details

1088 1161 

1089If set, caps the history file size in bytes by dropping oldest entries.1162Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1090 1163 

1091Key1164Key

1092 1165 

1093`history.persistence`1166`mcp_servers.<id>.http_headers`

1094 1167 

1095Type / Values1168Type / Values

1096 1169 

1097`save-all | none`1170`map<string,string>`

1098 1171 

1099Details1172Details

1100 1173 

1101Control whether Codex saves session transcripts to history.jsonl.1174Static HTTP headers included with each MCP HTTP request.

1102 1175 

1103Key1176Key

1104 1177 

1105`instructions`1178`mcp_servers.<id>.oauth_resource`

1106 1179 

1107Type / Values1180Type / Values

1108 1181 

1110 1183 

1111Details1184Details

1112 1185 

1113Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.1186Optional RFC 8707 OAuth resource parameter to include during MCP login.

1114 1187 

1115Key1188Key

1116 1189 

1117`log_dir`1190`mcp_servers.<id>.required`

1118 1191 

1119Type / Values1192Type / Values

1120 1193 

1121`string (path)`1194`boolean`

1122 1195 

1123Details1196Details

1124 1197 

1125Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.1198When true, fail startup/resume if this enabled MCP server cannot initialize.

1126 1199 

1127Key1200Key

1128 1201 

1129`mcp_oauth_callback_port`1202`mcp_servers.<id>.scopes`

1130 1203 

1131Type / Values1204Type / Values

1132 1205 

1133`integer`1206`array<string>`

1134 1207 

1135Details1208Details

1136 1209 

1137Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.1210OAuth scopes to request when authenticating to that MCP server.

1138 1211 

1139Key1212Key

1140 1213 

1141`mcp_oauth_callback_url`1214`mcp_servers.<id>.startup_timeout_ms`

1142 1215 

1143Type / Values1216Type / Values

1144 1217 

1145`string`1218`number`

1146 1219 

1147Details1220Details

1148 1221 

1149Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.1222Alias for `startup_timeout_sec` in milliseconds.

1150 1223 

1151Key1224Key

1152 1225 

1153`mcp_oauth_credentials_store`1226`mcp_servers.<id>.startup_timeout_sec`

1154 1227 

1155Type / Values1228Type / Values

1156 1229 

1157`auto | file | keyring`1230`number`

1158 1231 

1159Details1232Details

1160 1233 

1161Preferred store for MCP OAuth credentials.1234Override the default 10s startup timeout for an MCP server.

1162 1235 

1163Key1236Key

1164 1237 

1165`mcp_servers.<id>.args`1238`mcp_servers.<id>.tool_timeout_sec`

1166 1239 

1167Type / Values1240Type / Values

1168 1241 

1169`array<string>`1242`number`

1170 1243 

1171Details1244Details

1172 1245 

1173Arguments passed to the MCP stdio server command.1246Override the default 60s per-tool timeout for an MCP server.

1174 1247 

1175Key1248Key

1176 1249 

1177`mcp_servers.<id>.bearer_token_env_var`1250`mcp_servers.<id>.url`

1178 1251 

1179Type / Values1252Type / Values

1180 1253 

1182 1255 

1183Details1256Details

1184 1257 

1185Environment variable sourcing the bearer token for an MCP HTTP server.1258Endpoint for an MCP streamable HTTP server.

1186 1259 

1187Key1260Key

1188 1261 

1189`mcp_servers.<id>.command`1262`memories.consolidation_model`

1190 1263 

1191Type / Values1264Type / Values

1192 1265 

1194 1267 

1195Details1268Details

1196 1269 

1197Launcher command for an MCP stdio server.1270Optional model override for global memory consolidation.

1198 1271 

1199Key1272Key

1200 1273 

1201`mcp_servers.<id>.cwd`1274`memories.disable_on_external_context`

1202 1275 

1203Type / Values1276Type / Values

1204 1277 

1205`string`1278`boolean`

1206 1279 

1207Details1280Details

1208 1281 

1209Working directory for the MCP stdio server process.1282When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1210 1283 

1211Key1284Key

1212 1285 

1213`mcp_servers.<id>.disabled_tools`1286`memories.extract_model`

1214 1287 

1215Type / Values1288Type / Values

1216 1289 

1217`array<string>`1290`string`

1218 1291 

1219Details1292Details

1220 1293 

1221Deny list applied after `enabled_tools` for the MCP server.1294Optional model override for per-thread memory extraction.

1222 1295 

1223Key1296Key

1224 1297 

1225`mcp_servers.<id>.enabled`1298`memories.generate_memories`

1226 1299 

1227Type / Values1300Type / Values

1228 1301 

1230 1303 

1231Details1304Details

1232 1305 

1233Disable an MCP server without removing its configuration.1306When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1234 1307 

1235Key1308Key

1236 1309 

1237`mcp_servers.<id>.enabled_tools`1310`memories.max_raw_memories_for_consolidation`

1238 1311 

1239Type / Values1312Type / Values

1240 1313 

1241`array<string>`1314`number`

1242 1315 

1243Details1316Details

1244 1317 

1245Allow list of tool names exposed by the MCP server.1318Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1246 1319 

1247Key1320Key

1248 1321 

1249`mcp_servers.<id>.env`1322`memories.max_rollout_age_days`

1250 1323 

1251Type / Values1324Type / Values

1252 1325 

1253`map<string,string>`1326`number`

1254 1327 

1255Details1328Details

1256 1329 

1257Environment variables forwarded to the MCP stdio server.1330Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1258 1331 

1259Key1332Key

1260 1333 

1261`mcp_servers.<id>.env_http_headers`1334`memories.max_rollouts_per_startup`

1262 1335 

1263Type / Values1336Type / Values

1264 1337 

1265`map<string,string>`1338`number`

1266 1339 

1267Details1340Details

1268 1341 

1269HTTP headers populated from environment variables for an MCP HTTP server.1342Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1270 1343 

1271Key1344Key

1272 1345 

1273`mcp_servers.<id>.env_vars`1346`memories.max_unused_days`

1274 1347 

1275Type / Values1348Type / Values

1276 1349 

1277`array<string>`1350`number`

1278 1351 

1279Details1352Details

1280 1353 

1281Additional environment variables to whitelist for an MCP stdio server.1354Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1282 1355 

1283Key1356Key

1284 1357 

1285`mcp_servers.<id>.http_headers`1358`memories.min_rate_limit_remaining_percent`

1286 1359 

1287Type / Values1360Type / Values

1288 1361 

1289`map<string,string>`1362`number`

1290 1363 

1291Details1364Details

1292 1365 

1293Static HTTP headers included with each MCP HTTP request.1366Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1294 1367 

1295Key1368Key

1296 1369 

1297`mcp_servers.<id>.oauth_resource`1370`memories.min_rollout_idle_hours`

1298 1371 

1299Type / Values1372Type / Values

1300 1373 

1301`string`1374`number`

1302 1375 

1303Details1376Details

1304 1377 

1305Optional RFC 8707 OAuth resource parameter to include during MCP login.1378Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1306 1379 

1307Key1380Key

1308 1381 

1309`mcp_servers.<id>.required`1382`memories.use_memories`

1310 1383 

1311Type / Values1384Type / Values

1312 1385 

1314 1387 

1315Details1388Details

1316 1389 

1317When true, fail startup/resume if this enabled MCP server cannot initialize.1390When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1318 1391 

1319Key1392Key

1320 1393 

1321`mcp_servers.<id>.scopes`1394`model`

1322 1395 

1323Type / Values1396Type / Values

1324 1397 

1325`array<string>`1398`string`

1326 1399 

1327Details1400Details

1328 1401 

1329OAuth scopes to request when authenticating to that MCP server.1402Model to use (e.g., `gpt-5.5`).

1403 

1404Key

1405 

1406`model_auto_compact_token_limit`

1407 

1408Type / Values

1409 

1410`number`

1411 

1412Details

1413 

1414Token threshold that triggers automatic history compaction (unset uses model defaults).

1415 

1416Key

1417 

1418`model_catalog_json`

1419 

1420Type / Values

1421 

1422`string (path)`

1423 

1424Details

1425 

1426Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1330 1427 

1331Key1428Key

1332 1429 

1333`mcp_servers.<id>.startup_timeout_ms`1430`model_context_window`

1334 1431 

1335Type / Values1432Type / Values

1336 1433 

1338 1435 

1339Details1436Details

1340 1437 

1341Alias for `startup_timeout_sec` in milliseconds.1438Context window tokens available to the active model.

1342 1439 

1343Key1440Key

1344 1441 

1345`mcp_servers.<id>.startup_timeout_sec`1442`model_instructions_file`

1346 1443 

1347Type / Values1444Type / Values

1348 1445 

1349`number`1446`string (path)`

1350 1447 

1351Details1448Details

1352 1449 

1353Override the default 10s startup timeout for an MCP server.1450Replacement for built-in instructions instead of `AGENTS.md`.

1354 1451 

1355Key1452Key

1356 1453 

1357`mcp_servers.<id>.tool_timeout_sec`1454`model_provider`

1358 1455 

1359Type / Values1456Type / Values

1360 1457 

1361`number`1458`string`

1362 1459 

1363Details1460Details

1364 1461 

1365Override the default 60s per-tool timeout for an MCP server.1462Provider id from `model_providers` (default: `openai`).

1366 1463 

1367Key1464Key

1368 1465 

1369`mcp_servers.<id>.url`1466`model_providers.<id>`

1370 1467 

1371Type / Values1468Type / Values

1372 1469 

1373`string`1470`table`

1374 1471 

1375Details1472Details

1376 1473 

1377Endpoint for an MCP streamable HTTP server.1474Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1378 1475 

1379Key1476Key

1380 1477 

1381`model`1478`model_providers.<id>.auth`

1382 1479 

1383Type / Values1480Type / Values

1384 1481 

1385`string`1482`table`

1386 1483 

1387Details1484Details

1388 1485 

1389Model to use (e.g., `gpt-5-codex`).1486Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1390 1487 

1391Key1488Key

1392 1489 

1393`model_auto_compact_token_limit`1490`model_providers.<id>.auth.args`

1394 1491 

1395Type / Values1492Type / Values

1396 1493 

1397`number`1494`array<string>`

1398 1495 

1399Details1496Details

1400 1497 

1401Token threshold that triggers automatic history compaction (unset uses model defaults).1498Arguments passed to the token command.

1402 1499 

1403Key1500Key

1404 1501 

1405`model_catalog_json`1502`model_providers.<id>.auth.command`

1406 1503 

1407Type / Values1504Type / Values

1408 1505 

1409`string (path)`1506`string`

1410 1507 

1411Details1508Details

1412 1509 

1413Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.1510Command to run when Codex needs a bearer token. The command must print the token to stdout.

1414 1511 

1415Key1512Key

1416 1513 

1417`model_context_window`1514`model_providers.<id>.auth.cwd`

1418 1515 

1419Type / Values1516Type / Values

1420 1517 

1421`number`1518`string (path)`

1422 1519 

1423Details1520Details

1424 1521 

1425Context window tokens available to the active model.1522Working directory for the token command.

1426 1523 

1427Key1524Key

1428 1525 

1429`model_instructions_file`1526`model_providers.<id>.auth.refresh_interval_ms`

1430 1527 

1431Type / Values1528Type / Values

1432 1529 

1433`string (path)`1530`number`

1434 1531 

1435Details1532Details

1436 1533 

1437Replacement for built-in instructions instead of `AGENTS.md`.1534How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1438 1535 

1439Key1536Key

1440 1537 

1441`model_provider`1538`model_providers.<id>.auth.timeout_ms`

1442 1539 

1443Type / Values1540Type / Values

1444 1541 

1445`string`1542`number`

1446 1543 

1447Details1544Details

1448 1545 

1449Provider id from `model_providers` (default: `openai`).1546Maximum token command runtime in milliseconds (default: 5000).

1450 1547 

1451Key1548Key

1452 1549 

1750 1847 

1751Key1848Key

1752 1849 

1850`openai_base_url`

1851 

1852Type / Values

1853 

1854`string`

1855 

1856Details

1857 

1858Base URL override for the built-in `openai` model provider.

1859 

1860Key

1861 

1753`oss_provider`1862`oss_provider`

1754 1863 

1755Type / Values1864Type / Values

1966 2075 

1967Key2076Key

1968 2077 

1969`permissions.network.admin_url`2078`permissions.<name>.filesystem`

1970 2079 

1971Type / Values2080Type / Values

1972 2081 

1973`string`2082`table`

1974 2083 

1975Details2084Details

1976 2085 

1977Admin endpoint for the managed network proxy.2086Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

1978 2087 

1979Key2088Key

1980 2089 

1981`permissions.network.allow_local_binding`2090`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

1982 2091 

1983Type / Values2092Type / Values

1984 2093 

1985`boolean`2094`"read" | "write" | "none"`

1986 2095 

1987Details2096Details

1988 2097 

1989Permit local bind/listen operations through the managed proxy.2098Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

1990 2099 

1991Key2100Key

1992 2101 

1993`permissions.network.allow_unix_sockets`2102`permissions.<name>.filesystem.<path-or-glob>`

1994 2103 

1995Type / Values2104Type / Values

1996 2105 

1997`array<string>`2106`"read" | "write" | "none" | table`

1998 2107 

1999Details2108Details

2000 2109 

2001Allowlist of Unix socket paths permitted through the managed proxy.2110Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

2002 2111 

2003Key2112Key

2004 2113 

2005`permissions.network.allow_upstream_proxy`2114`permissions.<name>.filesystem.glob_scan_max_depth`

2006 2115 

2007Type / Values2116Type / Values

2008 2117 

2009`boolean`2118`number`

2010 2119 

2011Details2120Details

2012 2121 

2013Allow the managed proxy to chain to another upstream proxy.2122Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

2014 2123 

2015Key2124Key

2016 2125 

2017`permissions.network.allowed_domains`2126`permissions.<name>.network.allow_local_binding`

2018 2127 

2019Type / Values2128Type / Values

2020 2129 

2021`array<string>`2130`boolean`

2022 2131 

2023Details2132Details

2024 2133 

2025Allowlist of domains permitted through the managed proxy.2134Permit local bind/listen operations through the managed proxy.

2026 2135 

2027Key2136Key

2028 2137 

2029`permissions.network.dangerously_allow_all_unix_sockets`2138`permissions.<name>.network.allow_upstream_proxy`

2030 2139 

2031Type / Values2140Type / Values

2032 2141 

2034 2143 

2035Details2144Details

2036 2145 

2037Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.2146Allow the managed proxy to chain to another upstream proxy.

2038 2147 

2039Key2148Key

2040 2149 

2041`permissions.network.dangerously_allow_non_loopback_admin`2150`permissions.<name>.network.dangerously_allow_all_unix_sockets`

2042 2151 

2043Type / Values2152Type / Values

2044 2153 

2046 2155 

2047Details2156Details

2048 2157 

2049Permit non-loopback bind addresses for the managed proxy admin listener.2158Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

2050 2159 

2051Key2160Key

2052 2161 

2053`permissions.network.dangerously_allow_non_loopback_proxy`2162`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

2054 2163 

2055Type / Values2164Type / Values

2056 2165 

2062 2171 

2063Key2172Key

2064 2173 

2065`permissions.network.denied_domains`2174`permissions.<name>.network.domains`

2066 2175 

2067Type / Values2176Type / Values

2068 2177 

2069`array<string>`2178`map<string, allow | deny>`

2070 2179 

2071Details2180Details

2072 2181 

2073Denylist of domains blocked by the managed proxy.2182Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

2074 2183 

2075Key2184Key

2076 2185 

2077`permissions.network.enable_socks5`2186`permissions.<name>.network.enable_socks5`

2078 2187 

2079Type / Values2188Type / Values

2080 2189 

2082 2191 

2083Details2192Details

2084 2193 

2085Expose a SOCKS5 listener from the managed network proxy.2194Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

2086 2195 

2087Key2196Key

2088 2197 

2089`permissions.network.enable_socks5_udp`2198`permissions.<name>.network.enable_socks5_udp`

2090 2199 

2091Type / Values2200Type / Values

2092 2201 

2098 2207 

2099Key2208Key

2100 2209 

2101`permissions.network.enabled`2210`permissions.<name>.network.enabled`

2102 2211 

2103Type / Values2212Type / Values

2104 2213 

2106 2215 

2107Details2216Details

2108 2217 

2109Enable the managed network proxy configuration for subprocesses.2218Enable network access for this named permissions profile.

2110 2219 

2111Key2220Key

2112 2221 

2113`permissions.network.mode`2222`permissions.<name>.network.mode`

2114 2223 

2115Type / Values2224Type / Values

2116 2225 

2122 2231 

2123Key2232Key

2124 2233 

2125`permissions.network.proxy_url`2234`permissions.<name>.network.proxy_url`

2126 2235 

2127Type / Values2236Type / Values

2128 2237 

2130 2239 

2131Details2240Details

2132 2241 

2133HTTP proxy endpoint used by the managed network proxy.2242HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

2134 2243 

2135Key2244Key

2136 2245 

2137`permissions.network.socks_url`2246`permissions.<name>.network.socks_url`

2138 2247 

2139Type / Values2248Type / Values

2140 2249 

2142 2251 

2143Details2252Details

2144 2253 

2145SOCKS5 proxy endpoint used by the managed network proxy.2254SOCKS5 proxy endpoint used by this permissions profile.

2255 

2256Key

2257 

2258`permissions.<name>.network.unix_sockets`

2259 

2260Type / Values

2261 

2262`map<string, allow | none>`

2263 

2264Details

2265 

2266Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

2146 2267 

2147Key2268Key

2148 2269 

2370 2491 

2371Details2492Details

2372 2493 

2373Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.2494Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

2374 2495 

2375Key2496Key

2376 2497 

2454 2575 

2455Details2576Details

2456 2577 

2457Preferred service tier for new turns. `fast` is honored only when the `features.fast_mode` gate is enabled.2578Preferred service tier for new turns.

2458 2579 

2459Key2580Key

2460 2581 

2614 2735 

2615Key2736Key

2616 2737 

2738`tool_suggest.discoverables`

2739 

2740Type / Values

2741 

2742`array<table>`

2743 

2744Details

2745 

2746Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2747 

2748Key

2749 

2617`tools.view_image`2750`tools.view_image`

2618 2751 

2619Type / Values2752Type / Values

2630 2763 

2631Type / Values2764Type / Values

2632 2765 

2633`boolean`2766`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2634 2767 

2635Details2768Details

2636 2769 

2637Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2770Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

2638 2771 

2639Key2772Key

2640 2773 

2686 2819 

2687Key2820Key

2688 2821 

2822`tui.notification_condition`

2823 

2824Type / Values

2825 

2826`unfocused | always`

2827 

2828Details

2829 

2830Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2831 

2832Key

2833 

2689`tui.notification_method`2834`tui.notification_method`

2690 2835 

2691Type / Values2836Type / Values

2694 2839 

2695Details2840Details

2696 2841 

2697Notification method for unfocused terminal notifications (default: auto).2842Notification method for terminal notifications (default: auto).

2698 2843 

2699Key2844Key

2700 2845 

2734 2879 

2735Key2880Key

2736 2881 

2882`tui.terminal_title`

2883 

2884Type / Values

2885 

2886`array<string> | null`

2887 

2888Details

2889 

2890Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2891 

2892Key

2893 

2737`tui.theme`2894`tui.theme`

2738 2895 

2739Type / Values2896Type / Values

2780 2937 

2781Windows-only native sandbox mode when running Codex natively on Windows.2938Windows-only native sandbox mode when running Codex natively on Windows.

2782 2939 

2940Key

2941 

2942`windows.sandbox_private_desktop`

2943 

2944Type / Values

2945 

2946`boolean`

2947 

2948Details

2949 

2950Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

2951 

2783Expand to view all2952Expand to view all

2784 2953 

2785You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).2954You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

2804 2973 

2805| Key | Type / Values | Details |2974| Key | Type / Values | Details |

2806| --- | --- | --- |2975| --- | --- | --- |

2807| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). |2976| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

2977| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

2808| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |2978| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

2809| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |2979| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2810| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |2980| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

2811| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |2981| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

2982| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

2983| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

2984| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

2985| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

2986| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

2987| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

2988| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

2989| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

2990| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

2812| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |2991| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2813| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |2992| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2814| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |2993| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2815| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |2994| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

2995| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

2996| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

2997| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

2998| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

2816| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |2999| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2817| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |3000| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2818| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |3001| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2831 3014 

2832Details3015Details

2833 3016 

2834Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).3017Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

3018 

3019Key

3020 

3021`allowed_approvals_reviewers`

3022 

3023Type / Values

3024 

3025`array<string>`

3026 

3027Details

3028 

3029Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2835 3030 

2836Key3031Key

2837 3032 

2883 3078 

2884Key3079Key

2885 3080 

3081`features.browser_use`

3082 

3083Type / Values

3084 

3085`boolean`

3086 

3087Details

3088 

3089Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3090 

3091Key

3092 

3093`features.computer_use`

3094 

3095Type / Values

3096 

3097`boolean`

3098 

3099Details

3100 

3101Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3102 

3103Key

3104 

3105`features.in_app_browser`

3106 

3107Type / Values

3108 

3109`boolean`

3110 

3111Details

3112 

3113Set to `false` in `requirements.toml` to disable the in-app browser pane.

3114 

3115Key

3116 

3117`guardian_policy_config`

3118 

3119Type / Values

3120 

3121`string`

3122 

3123Details

3124 

3125Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3126 

3127Key

3128 

3129`hooks`

3130 

3131Type / Values

3132 

3133`table`

3134 

3135Details

3136 

3137Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

3138 

3139Key

3140 

3141`hooks.<Event>`

3142 

3143Type / Values

3144 

3145`array<table>`

3146 

3147Details

3148 

3149Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

3150 

3151Key

3152 

3153`hooks.<Event>[].hooks`

3154 

3155Type / Values

3156 

3157`array<table>`

3158 

3159Details

3160 

3161Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

3162 

3163Key

3164 

3165`hooks.managed_dir`

3166 

3167Type / Values

3168 

3169`string (absolute path)`

3170 

3171Details

3172 

3173Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

3174 

3175Key

3176 

3177`hooks.windows_managed_dir`

3178 

3179Type / Values

3180 

3181`string (absolute path)`

3182 

3183Details

3184 

3185Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

3186 

3187Key

3188 

2886`mcp_servers`3189`mcp_servers`

2887 3190 

2888Type / Values3191Type / Values

2931 3234 

2932Key3235Key

2933 3236 

3237`permissions.filesystem.deny_read`

3238 

3239Type / Values

3240 

3241`array<string>`

3242 

3243Details

3244 

3245Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3246 

3247Key

3248 

3249`remote_sandbox_config`

3250 

3251Type / Values

3252 

3253`array<table>`

3254 

3255Details

3256 

3257Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3258 

3259Key

3260 

3261`remote_sandbox_config[].allowed_sandbox_modes`

3262 

3263Type / Values

3264 

3265`array<string>`

3266 

3267Details

3268 

3269Allowed sandbox modes to apply when this host-specific entry matches.

3270 

3271Key

3272 

3273`remote_sandbox_config[].hostname_patterns`

3274 

3275Type / Values

3276 

3277`array<string>`

3278 

3279Details

3280 

3281Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3282 

3283Key

3284 

2934`rules`3285`rules`

2935 3286 

2936Type / Values3287Type / Values