config-reference.md +1719 −2985
6 6
7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.
8 8
99For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).Project-scoped config can't override machine-local provider, auth,
1010 notification, profile, or telemetry routing keys. Codex ignores
1111| Key | Type / Values | Details |`openai_base_url`, `chatgpt_base_url`, `model_provider`, `model_providers`,
1212| --- | --- | --- |`notify`, `profile`, `profiles`, `experimental_realtime_ws_base_url`, and
1313| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |`otel` when they appear in a project-local `.codex/config.toml`; put those in
1414| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |user-level config instead.
15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |
16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |
17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |
18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |
19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |
20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |
21| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |
22| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |
23| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |
24| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |
25| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |
26| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |
27| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |
28| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |
29| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |
30| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |
31| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |
32| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |
33| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |
34| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |
35| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |
36| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |
37| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |
38| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |
39| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |
40| `compact_prompt` | `string` | Inline override for the history compaction prompt. |
41| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |
42| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |
43| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |
44| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |
45| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |
46| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |
47| `features.artifact` | `boolean` | Enable native artifact tools such as slides and spreadsheets (under development). |
48| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |
49| `features.collaboration_modes` | `boolean` | Legacy toggle for collaboration modes. Plan and default modes are available in current builds without setting this key. |
50| `features.default_mode_request_user_input` | `boolean` | Allow `request_user_input` in default collaboration mode (under development; off by default). |
51| `features.elevated_windows_sandbox` | `boolean` | Legacy toggle for an earlier elevated Windows sandbox rollout. Current builds do not use it. |
52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |
53| `features.experimental_windows_sandbox` | `boolean` | Legacy toggle for an earlier Windows sandbox rollout. Current builds do not use it. |
54| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |
55| `features.image_detail_original` | `boolean` | Allow image outputs with `detail = "original"` on supported models (under development). |
56| `features.image_generation` | `boolean` | Enable the built-in image generation tool (under development). |
57| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default). |
58| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |
59| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output. Enabled by default on Windows and off elsewhere. |
60| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |
61| `features.remote_models` | `boolean` | Legacy toggle for an older remote-model readiness flow. Current builds do not use it. |
62| `features.request_rule` | `boolean` | Legacy toggle for Smart approvals. Current builds include this behavior by default, so most users can leave this unset. |
63| `features.responses_websockets` | `boolean` | Prefer the Responses API WebSocket transport for supported providers (under development). |
64| `features.responses_websockets_v2` | `boolean` | Enable Responses API WebSocket v2 mode (under development). |
65| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |
66| `features.search_tool` | `boolean` | Legacy toggle for an older Apps discovery flow. Current builds do not use it. |
67| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |
68| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |
69| `features.skill_env_var_dependency_prompt` | `boolean` | Prompt for missing skill environment-variable dependencies (under development). |
70| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |
71| `features.sqlite` | `boolean` | Enable SQLite-backed state persistence (stable; on by default). |
72| `features.steer` | `boolean` | Legacy toggle from an earlier Enter/Tab steering rollout. Current builds always use the current steering behavior. |
73| `features.undo` | `boolean` | Enable undo support (stable; off by default). |
74| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |
75| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |
76| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |
77| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |
78| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |
79| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |
80| `file_opener` | `vscode | vscode-insiders | windsurf | cursor | none` | URI scheme used to open citations from Codex output (default: `vscode`). |
81| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |
82| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |
83| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |
84| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |
85| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |
86| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |
87| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |
88| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |
89| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |
90| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |
91| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |
92| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |
93| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |
94| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |
95| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |
96| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |
97| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |
98| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |
99| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |
100| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |
101| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |
102| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |
103| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |
104| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |
105| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |
106| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |
107| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |
108| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |
109| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |
110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |
111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |
112| `model_context_window` | `number` | Context window tokens available to the active model. |
113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |
114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |
115| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |
116| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |
117| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |
118| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |
119| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |
120| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |
121| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |
122| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |
123| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |
124| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |
125| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |
126| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |
127| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |
128| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |
129| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |
130| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |
131| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |
132| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |
133| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |
134| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |
135| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |
136| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |
137| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |
138| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |
139| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |
140| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |
141| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |
142| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |
143| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |
144| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |
145| `otel.exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP exporter. |
146| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |
147| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |
148| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |
149| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |
150| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |
151| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |
152| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |
153| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |
154| `otel.trace_exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP trace exporter. |
155| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |
156| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |
157| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |
158| `permissions.network.admin_url` | `string` | Admin endpoint for the managed network proxy. |
159| `permissions.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |
160| `permissions.network.allow_unix_sockets` | `array<string>` | Allowlist of Unix socket paths permitted through the managed proxy. |
161| `permissions.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |
162| `permissions.network.allowed_domains` | `array<string>` | Allowlist of domains permitted through the managed proxy. |
163| `permissions.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |
164| `permissions.network.dangerously_allow_non_loopback_admin` | `boolean` | Permit non-loopback bind addresses for the managed proxy admin listener. |
165| `permissions.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |
166| `permissions.network.denied_domains` | `array<string>` | Denylist of domains blocked by the managed proxy. |
167| `permissions.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener from the managed network proxy. |
168| `permissions.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |
169| `permissions.network.enabled` | `boolean` | Enable the managed network proxy configuration for subprocesses. |
170| `permissions.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |
171| `permissions.network.proxy_url` | `string` | HTTP proxy endpoint used by the managed network proxy. |
172| `permissions.network.socks_url` | `string` | SOCKS5 proxy endpoint used by the managed network proxy. |
173| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |
174| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |
175| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |
176| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |
177| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |
178| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |
179| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |
180| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |
181| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |
182| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |
183| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |
184| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |
185| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |
186| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |
187| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |
188| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |
189| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |
190| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |
191| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |
192| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |
193| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |
194| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |
195| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |
196| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |
197| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |
198| `service_tier` | `flex | fast` | Preferred service tier for new turns. `fast` is honored only when the `features.fast_mode` gate is enabled. |
199| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |
200| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |
201| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |
202| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |
203| `shell_environment_policy.inherit` | `all | core | none` | Baseline environment inheritance when spawning subprocesses. |
204| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |
205| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |
206| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |
207| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |
208| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |
209| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |
210| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |
211| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |
212| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |
213| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |
214| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |
215| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |
216| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |
217| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |
218| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |
219| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |
220| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |
221| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |
222| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |
223| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |
224| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |
225| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |
226
227Key
228
229`agents.<name>.config_file`
230
231Type / Values
232
233`string (path)`
234
235Details
236
237Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.
238
239Key
240
241`agents.<name>.description`
242
243Type / Values
244
245`string`
246
247Details
248
249Role guidance shown to Codex when choosing and spawning that agent type.
250
251Key
252
253`agents.<name>.nickname_candidates`
254
255Type / Values
256
257`array<string>`
258
259Details
260
261Optional pool of display nicknames for spawned agents in that role.
262
263Key
264
265`agents.job_max_runtime_seconds`
266
267Type / Values
268
269`number`
270
271Details
272
273Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.
274
275Key
276
277`agents.max_depth`
278
279Type / Values
280
281`number`
282
283Details
284
285Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).
286
287Key
288
289`agents.max_threads`
290
291Type / Values
292
293`number`
294
295Details
296
297Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.
298
299Key
300
301`allow_login_shell`
302
303Type / Values
304
305`boolean`
306
307Details
308
309Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.
310
311Key
312
313`analytics.enabled`
314
315Type / Values
316
317`boolean`
318
319Details
320
321Enable or disable analytics for this machine/profile. When unset, the client default applies.
322
323Key
324
325`approval_policy`
326
327Type / Values
328
329`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`
330
331Details
332
333Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.
334
335Key
336
337`approval_policy.reject.mcp_elicitations`
338
339Type / Values
340
341`boolean`
342
343Details
344
345When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.
346
347Key
348
349`approval_policy.reject.rules`
350
351Type / Values
352
353`boolean`
354
355Details
356
357When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.
358
359Key
360
361`approval_policy.reject.sandbox_approval`
362
363Type / Values
364
365`boolean`
366
367Details
368
369When `true`, sandbox escalation approval prompts are auto-rejected.
370
371Key
372
373`apps._default.destructive_enabled`
374
375Type / Values
376
377`boolean`
378
379Details
380
381Default allow/deny for app tools with `destructive_hint = true`.
382
383Key
384
385`apps._default.enabled`
386
387Type / Values
388
389`boolean`
390
391Details
392
393Default app enabled state for all apps unless overridden per app.
394
395Key
396
397`apps._default.open_world_enabled`
398
399Type / Values
400
401`boolean`
402
403Details
404
405Default allow/deny for app tools with `open_world_hint = true`.
406
407Key
408
409`apps.<id>.default_tools_approval_mode`
410
411Type / Values
412
413`auto | prompt | approve`
414
415Details
416
417Default approval behavior for tools in this app unless a per-tool override exists.
418
419Key
420
421`apps.<id>.default_tools_enabled`
422
423Type / Values
424
425`boolean`
426
427Details
428
429Default enabled state for tools in this app unless a per-tool override exists.
430
431Key
432
433`apps.<id>.destructive_enabled`
434
435Type / Values
436
437`boolean`
438
439Details
440
441Allow or block tools in this app that advertise `destructive_hint = true`.
442
443Key
444
445`apps.<id>.enabled`
446
447Type / Values
448
449`boolean`
450
451Details
452
453Enable or disable a specific app/connector by id (default: true).
454
455Key
456
457`apps.<id>.open_world_enabled`
458
459Type / Values
460
461`boolean`
462
463Details
464
465Allow or block tools in this app that advertise `open_world_hint = true`.
466
467Key
468
469`apps.<id>.tools.<tool>.approval_mode`
470
471Type / Values
472
473`auto | prompt | approve`
474
475Details
476
477Per-tool approval behavior override for a single app tool.
478
479Key
480
481`apps.<id>.tools.<tool>.enabled`
482
483Type / Values
484
485`boolean`
486
487Details
488
489Per-tool enabled override for an app tool (for example `repos/list`).
490
491Key
492
493`background_terminal_max_timeout`
494
495Type / Values
496
497`number`
498
499Details
500
501Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.
502
503Key
504
505`chatgpt_base_url`
506
507Type / Values
508
509`string`
510
511Details
512
513Override the base URL used during the ChatGPT login flow.
514
515Key
516
517`check_for_update_on_startup`
518
519Type / Values
520
521`boolean`
522
523Details
524
525Check for Codex updates on startup (set to false only when updates are centrally managed).
526
527Key
528
529`cli_auth_credentials_store`
530
531Type / Values
532
533`file | keyring | auto`
534
535Details
536
537Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).
538
539Key
540
541`commit_attribution`
542
543Type / Values
544
545`string`
546
547Details
548
549Override the commit co-author trailer text. Set an empty string to disable automatic attribution.
550
551Key
552
553`compact_prompt`
554
555Type / Values
556
557`string`
558
559Details
560
561Inline override for the history compaction prompt.
562
563Key
564
565`developer_instructions`
566
567Type / Values
568
569`string`
570
571Details
572
573Additional developer instructions injected into the session (optional).
574
575Key
576
577`disable_paste_burst`
578
579Type / Values
580
581`boolean`
582
583Details
584
585Disable burst-paste detection in the TUI.
586
587Key
588
589`experimental_compact_prompt_file`
590
591Type / Values
592
593`string (path)`
594
595Details
596
597Load the compaction prompt override from a file (experimental).
598
599Key
600
601`experimental_use_unified_exec_tool`
602
603Type / Values
604
605`boolean`
606
607Details
608
609Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.
610
611Key
612
613`features.apps`
614
615Type / Values
616
617`boolean`
618
619Details
620
621Enable ChatGPT Apps/connectors support (experimental).
622
623Key
624
625`features.apps_mcp_gateway`
626
627Type / Values
628
629`boolean`
630
631Details
632
633Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).
634
635Key
636
637`features.artifact`
638
639Type / Values
640
641`boolean`
642
643Details
644
645Enable native artifact tools such as slides and spreadsheets (under development).
646
647Key
648
649`features.child_agents_md`
650
651Type / Values
652
653`boolean`
654
655Details
656
657Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).
658
659Key
660
661`features.collaboration_modes`
662
663Type / Values
664
665`boolean`
666
667Details
668
669Legacy toggle for collaboration modes. Plan and default modes are available in current builds without setting this key.
670
671Key
672
673`features.default_mode_request_user_input`
674
675Type / Values
676
677`boolean`
678
679Details
680
681Allow `request_user_input` in default collaboration mode (under development; off by default).
682
683Key
684
685`features.elevated_windows_sandbox`
686
687Type / Values
688
689`boolean`
690
691Details
692
693Legacy toggle for an earlier elevated Windows sandbox rollout. Current builds do not use it.
694
695Key
696
697`features.enable_request_compression`
698
699Type / Values
700
701`boolean`
702
703Details
704
705Compress streaming request bodies with zstd when supported (stable; on by default).
706
707Key
708
709`features.experimental_windows_sandbox`
710
711Type / Values
712
713`boolean`
714
715Details
716
717Legacy toggle for an earlier Windows sandbox rollout. Current builds do not use it.
718
719Key
720
721`features.fast_mode`
722
723Type / Values
724
725`boolean`
726
727Details
728
729Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).
730
731Key
732
733`features.image_detail_original`
734
735Type / Values
736
737`boolean`
738
739Details
740
741Allow image outputs with `detail = "original"` on supported models (under development).
742
743Key
744
745`features.image_generation`
746
747Type / Values
748
749`boolean`
750
751Details
752
753Enable the built-in image generation tool (under development).
754
755Key
756
757`features.multi_agent`
758
759Type / Values
760
761`boolean`
762
763Details
764
765Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default).
766
767Key
768
769`features.personality`
770
771Type / Values
772
773`boolean`
774
775Details
776
777Enable personality selection controls (stable; on by default).
778
779Key
780
781`features.powershell_utf8`
782
783Type / Values
784
785`boolean`
786
787Details
788
789Force PowerShell UTF-8 output. Enabled by default on Windows and off elsewhere.
790
791Key
792
793`features.prevent_idle_sleep`
794
795Type / Values
796
797`boolean`
798
799Details
800
801Prevent the machine from sleeping while a turn is actively running (experimental; off by default).
802
803Key
804
805`features.remote_models`
806
807Type / Values
808
809`boolean`
810
811Details
812
813Legacy toggle for an older remote-model readiness flow. Current builds do not use it.
814
815Key
816
817`features.request_rule`
818
819Type / Values
820
821`boolean`
822
823Details
824
825Legacy toggle for Smart approvals. Current builds include this behavior by default, so most users can leave this unset.
826
827Key
828
829`features.responses_websockets`
830
831Type / Values
832
833`boolean`
834
835Details
836
837Prefer the Responses API WebSocket transport for supported providers (under development).
838
839Key
840
841`features.responses_websockets_v2`
842
843Type / Values
844
845`boolean`
846
847Details
848
849Enable Responses API WebSocket v2 mode (under development).
850
851Key
852
853`features.runtime_metrics`
854
855Type / Values
856
857`boolean`
858
859Details
860
861Show runtime metrics summary in TUI turn separators (experimental).
862
863Key
864
865`features.search_tool`
866
867Type / Values
868
869`boolean`
870
871Details
872
873Legacy toggle for an older Apps discovery flow. Current builds do not use it.
874
875Key
876
877`features.shell_snapshot`
878
879Type / Values
880
881`boolean`
882
883Details
884
885Snapshot shell environment to speed up repeated commands (stable; on by default).
886
887Key
888
889`features.shell_tool`
890
891Type / Values
892
893`boolean`
894
895Details
896
897Enable the default `shell` tool for running commands (stable; on by default).
898
899Key
900
901`features.skill_env_var_dependency_prompt`
902
903Type / Values
904
905`boolean`
906
907Details
908
909Prompt for missing skill environment-variable dependencies (under development).
910
911Key
912
913`features.skill_mcp_dependency_install`
914
915Type / Values
916
917`boolean`
918
919Details
920
921Allow prompting and installing missing MCP dependencies for skills (stable; on by default).
922
923Key
924
925`features.sqlite`
926
927Type / Values
928
929`boolean`
930
931Details
932
933Enable SQLite-backed state persistence (stable; on by default).
934
935Key
936
937`features.steer`
938
939Type / Values
940
941`boolean`
942
943Details
944
945Legacy toggle from an earlier Enter/Tab steering rollout. Current builds always use the current steering behavior.
946
947Key
948
949`features.undo`
950
951Type / Values
952
953`boolean`
954
955Details
956
957Enable undo support (stable; off by default).
958
959Key
960
961`features.unified_exec`
962
963Type / Values
964
965`boolean`
966
967Details
968
969Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).
970
971Key
972
973`features.use_linux_sandbox_bwrap`
974
975Type / Values
976
977`boolean`
978
979Details
980
981Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).
982
983Key
984
985`features.web_search`
986
987Type / Values
988
989`boolean`
990
991Details
992
993Deprecated legacy toggle; prefer the top-level `web_search` setting.
994
995Key
996
997`features.web_search_cached`
998
999Type / Values
1000
1001`boolean`
1002
1003Details
1004
1005Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.
1006
1007Key
1008
1009`features.web_search_request`
1010
1011Type / Values
1012
1013`boolean`
1014
1015Details
1016
1017Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.
1018
1019Key
1020
1021`feedback.enabled`
1022
1023Type / Values
1024
1025`boolean`
1026
1027Details
1028
1029Enable feedback submission via `/feedback` across Codex surfaces (default: true).
1030
1031Key
1032
1033`file_opener`
1034
1035Type / Values
1036
1037`vscode | vscode-insiders | windsurf | cursor | none`
1038
1039Details
1040
1041URI scheme used to open citations from Codex output (default: `vscode`).
1042
1043Key
1044
1045`forced_chatgpt_workspace_id`
1046
1047Type / Values
1048
1049`string (uuid)`
1050
1051Details
1052
1053Limit ChatGPT logins to a specific workspace identifier.
1054
1055Key
1056
1057`forced_login_method`
1058
1059Type / Values
1060
1061`chatgpt | api`
1062
1063Details
1064
1065Restrict Codex to a specific authentication method.
1066
1067Key
1068
1069`hide_agent_reasoning`
1070
1071Type / Values
1072
1073`boolean`
1074
1075Details
1076
1077Suppress reasoning events in both the TUI and `codex exec` output.
1078
1079Key
1080
1081`history.max_bytes`
1082
1083Type / Values
1084
1085`number`
1086
1087Details
1088
1089If set, caps the history file size in bytes by dropping oldest entries.
1090
1091Key
1092
1093`history.persistence`
1094
1095Type / Values
1096
1097`save-all | none`
1098
1099Details
1100
1101Control whether Codex saves session transcripts to history.jsonl.
1102
1103Key
1104
1105`instructions`
1106
1107Type / Values
1108
1109`string`
1110
1111Details
1112
1113Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.
1114
1115Key
1116
1117`log_dir`
1118
1119Type / Values
1120
1121`string (path)`
1122
1123Details
1124
1125Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.
1126
1127Key
1128
1129`mcp_oauth_callback_port`
1130
1131Type / Values
1132
1133`integer`
1134
1135Details
1136
1137Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.
1138
1139Key
1140
1141`mcp_oauth_callback_url`
1142
1143Type / Values
1144
1145`string`
1146
1147Details
1148
1149Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.
1150
1151Key
1152
1153`mcp_oauth_credentials_store`
1154
1155Type / Values
1156
1157`auto | file | keyring`
1158
1159Details
1160
1161Preferred store for MCP OAuth credentials.
1162
1163Key
1164
1165`mcp_servers.<id>.args`
1166
1167Type / Values
1168
1169`array<string>`
1170
1171Details
1172
1173Arguments passed to the MCP stdio server command.
1174
1175Key
1176
1177`mcp_servers.<id>.bearer_token_env_var`
1178
1179Type / Values
1180
1181`string`
1182
1183Details
1184
1185Environment variable sourcing the bearer token for an MCP HTTP server.
1186
1187Key
1188
1189`mcp_servers.<id>.command`
1190
1191Type / Values
1192
1193`string`
1194
1195Details
1196
1197Launcher command for an MCP stdio server.
1198
1199Key
1200
1201`mcp_servers.<id>.cwd`
1202
1203Type / Values
1204
1205`string`
1206
1207Details
1208
1209Working directory for the MCP stdio server process.
1210
1211Key
1212
1213`mcp_servers.<id>.disabled_tools`
1214
1215Type / Values
1216
1217`array<string>`
1218
1219Details
1220
1221Deny list applied after `enabled_tools` for the MCP server.
1222
1223Key
1224
1225`mcp_servers.<id>.enabled`
1226
1227Type / Values
1228
1229`boolean`
1230
1231Details
1232
1233Disable an MCP server without removing its configuration.
1234
1235Key
1236
1237`mcp_servers.<id>.enabled_tools`
1238
1239Type / Values
1240
1241`array<string>`
1242
1243Details
1244
1245Allow list of tool names exposed by the MCP server.
1246
1247Key
1248
1249`mcp_servers.<id>.env`
1250
1251Type / Values
1252
1253`map<string,string>`
1254
1255Details
1256
1257Environment variables forwarded to the MCP stdio server.
1258
1259Key
1260
1261`mcp_servers.<id>.env_http_headers`
1262
1263Type / Values
1264
1265`map<string,string>`
1266
1267Details
1268
1269HTTP headers populated from environment variables for an MCP HTTP server.
1270
1271Key
1272
1273`mcp_servers.<id>.env_vars`
1274
1275Type / Values
1276
1277`array<string>`
1278
1279Details
1280
1281Additional environment variables to whitelist for an MCP stdio server.
1282
1283Key
1284
1285`mcp_servers.<id>.http_headers`
1286
1287Type / Values
1288
1289`map<string,string>`
1290
1291Details
1292
1293Static HTTP headers included with each MCP HTTP request.
1294
1295Key
1296
1297`mcp_servers.<id>.oauth_resource`
1298
1299Type / Values
1300
1301`string`
1302
1303Details
1304
1305Optional RFC 8707 OAuth resource parameter to include during MCP login.
1306
1307Key
1308
1309`mcp_servers.<id>.required`
1310
1311Type / Values
1312
1313`boolean`
1314
1315Details
1316
1317When true, fail startup/resume if this enabled MCP server cannot initialize.
1318
1319Key
1320
1321`mcp_servers.<id>.scopes`
1322
1323Type / Values
1324
1325`array<string>`
1326
1327Details
1328
1329OAuth scopes to request when authenticating to that MCP server.
1330
1331Key
1332
1333`mcp_servers.<id>.startup_timeout_ms`
1334
1335Type / Values
1336
1337`number`
1338
1339Details
1340
1341Alias for `startup_timeout_sec` in milliseconds.
1342
1343Key
1344
1345`mcp_servers.<id>.startup_timeout_sec`
1346
1347Type / Values
1348
1349`number`
1350
1351Details
1352
1353Override the default 10s startup timeout for an MCP server.
1354
1355Key
1356
1357`mcp_servers.<id>.tool_timeout_sec`
1358
1359Type / Values
1360
1361`number`
1362
1363Details
1364
1365Override the default 60s per-tool timeout for an MCP server.
1366
1367Key
1368
1369`mcp_servers.<id>.url`
1370
1371Type / Values
1372
1373`string`
1374
1375Details
1376
1377Endpoint for an MCP streamable HTTP server.
1378
1379Key
1380
1381`model`
1382
1383Type / Values
1384
1385`string`
1386
1387Details
1388
1389Model to use (e.g., `gpt-5-codex`).
1390
1391Key
1392
1393`model_auto_compact_token_limit`
1394
1395Type / Values
1396
1397`number`
1398
1399Details
1400
1401Token threshold that triggers automatic history compaction (unset uses model defaults).
1402
1403Key
1404
1405`model_catalog_json`
1406
1407Type / Values
1408
1409`string (path)`
1410
1411Details
1412
1413Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.
1414
1415Key
1416
1417`model_context_window`
1418
1419Type / Values
1420
1421`number`
1422
1423Details
1424
1425Context window tokens available to the active model.
1426
1427Key
1428
1429`model_instructions_file`
1430
1431Type / Values
1432
1433`string (path)`
1434
1435Details
1436
1437Replacement for built-in instructions instead of `AGENTS.md`.
1438
1439Key
1440
1441`model_provider`
1442
1443Type / Values
1444
1445`string`
1446
1447Details
1448
1449Provider id from `model_providers` (default: `openai`).
1450
1451Key
1452
1453`model_providers.<id>.base_url`
1454
1455Type / Values
1456
1457`string`
1458
1459Details
1460
1461API base URL for the model provider.
1462
1463Key
1464
1465`model_providers.<id>.env_http_headers`
1466
1467Type / Values
1468
1469`map<string,string>`
1470
1471Details
1472
1473HTTP headers populated from environment variables when present.
1474
1475Key
1476
1477`model_providers.<id>.env_key`
1478
1479Type / Values
1480
1481`string`
1482
1483Details
1484
1485Environment variable supplying the provider API key.
1486
1487Key
1488
1489`model_providers.<id>.env_key_instructions`
1490
1491Type / Values
1492
1493`string`
1494
1495Details
1496
1497Optional setup guidance for the provider API key.
1498
1499Key
1500
1501`model_providers.<id>.experimental_bearer_token`
1502
1503Type / Values
1504
1505`string`
1506
1507Details
1508
1509Direct bearer token for the provider (discouraged; use `env_key`).
1510
1511Key
1512
1513`model_providers.<id>.http_headers`
1514
1515Type / Values
1516
1517`map<string,string>`
1518
1519Details
1520
1521Static HTTP headers added to provider requests.
1522
1523Key
1524
1525`model_providers.<id>.name`
1526
1527Type / Values
1528
1529`string`
1530
1531Details
1532
1533Display name for a custom model provider.
1534
1535Key
1536
1537`model_providers.<id>.query_params`
1538
1539Type / Values
1540
1541`map<string,string>`
1542
1543Details
1544
1545Extra query parameters appended to provider requests.
1546
1547Key
1548
1549`model_providers.<id>.request_max_retries`
1550
1551Type / Values
1552
1553`number`
1554
1555Details
1556
1557Retry count for HTTP requests to the provider (default: 4).
1558
1559Key
1560
1561`model_providers.<id>.requires_openai_auth`
1562
1563Type / Values
1564
1565`boolean`
1566
1567Details
1568
1569The provider uses OpenAI authentication (defaults to false).
1570
1571Key
1572
1573`model_providers.<id>.stream_idle_timeout_ms`
1574
1575Type / Values
1576
1577`number`
1578
1579Details
1580
1581Idle timeout for SSE streams in milliseconds (default: 300000).
1582
1583Key
1584
1585`model_providers.<id>.stream_max_retries`
1586
1587Type / Values
1588
1589`number`
1590
1591Details
1592
1593Retry count for SSE streaming interruptions (default: 5).
1594
1595Key
1596
1597`model_providers.<id>.supports_websockets`
1598
1599Type / Values
1600
1601`boolean`
1602
1603Details
1604
1605Whether that provider supports the Responses API WebSocket transport.
1606
1607Key
1608
1609`model_providers.<id>.wire_api`
1610
1611Type / Values
1612
1613`responses`
1614
1615Details
1616
1617Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.
1618
1619Key
1620
1621`model_reasoning_effort`
1622
1623Type / Values
1624
1625`minimal | low | medium | high | xhigh`
1626
1627Details
1628
1629Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).
1630
1631Key
1632
1633`model_reasoning_summary`
1634
1635Type / Values
1636
1637`auto | concise | detailed | none`
1638
1639Details
1640
1641Select reasoning summary detail or disable summaries entirely.
1642
1643Key
1644
1645`model_supports_reasoning_summaries`
1646
1647Type / Values
1648
1649`boolean`
1650
1651Details
1652
1653Force Codex to send or not send reasoning metadata.
1654
1655Key
1656
1657`model_verbosity`
1658
1659Type / Values
1660
1661`low | medium | high`
1662
1663Details
1664
1665Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.
1666
1667Key
1668
1669`notice.hide_full_access_warning`
1670
1671Type / Values
1672
1673`boolean`
1674
1675Details
1676
1677Track acknowledgement of the full access warning prompt.
1678
1679Key
1680
1681`notice.hide_gpt-5.1-codex-max_migration_prompt`
1682
1683Type / Values
1684
1685`boolean`
1686
1687Details
1688
1689Track acknowledgement of the gpt-5.1-codex-max migration prompt.
1690
1691Key
1692
1693`notice.hide_gpt5_1_migration_prompt`
1694
1695Type / Values
1696
1697`boolean`
1698
1699Details
1700
1701Track acknowledgement of the GPT-5.1 migration prompt.
1702
1703Key
1704
1705`notice.hide_rate_limit_model_nudge`
1706
1707Type / Values
1708
1709`boolean`
1710
1711Details
1712
1713Track opt-out of the rate limit model switch reminder.
1714
1715Key
1716
1717`notice.hide_world_writable_warning`
1718
1719Type / Values
1720
1721`boolean`
1722
1723Details
1724
1725Track acknowledgement of the Windows world-writable directories warning.
1726
1727Key
1728
1729`notice.model_migrations`
1730
1731Type / Values
1732
1733`map<string,string>`
1734
1735Details
1736
1737Track acknowledged model migrations as old->new mappings.
1738
1739Key
1740
1741`notify`
1742
1743Type / Values
1744
1745`array<string>`
1746
1747Details
1748
1749Command invoked for notifications; receives a JSON payload from Codex.
1750
1751Key
1752
1753`oss_provider`
1754
1755Type / Values
1756
1757`lmstudio | ollama`
1758
1759Details
1760
1761Default local provider used when running with `--oss` (defaults to prompting if unset).
1762
1763Key
1764
1765`otel.environment`
1766
1767Type / Values
1768
1769`string`
1770
1771Details
1772
1773Environment tag applied to emitted OpenTelemetry events (default: `dev`).
1774
1775Key
1776
1777`otel.exporter`
1778
1779Type / Values
1780
1781`none | otlp-http | otlp-grpc`
1782
1783Details
1784
1785Select the OpenTelemetry exporter and provide any endpoint metadata.
1786
1787Key
1788
1789`otel.exporter.<id>.endpoint`
1790
1791Type / Values
1792
1793`string`
1794
1795Details
1796
1797Exporter endpoint for OTEL logs.
1798
1799Key
1800
1801`otel.exporter.<id>.headers`
1802
1803Type / Values
1804
1805`map<string,string>`
1806
1807Details
1808
1809Static headers included with OTEL exporter requests.
1810
1811Key
1812
1813`otel.exporter.<id>.protocol`
1814
1815Type / Values
1816
1817`binary | json`
1818
1819Details
1820
1821Protocol used by the OTLP/HTTP exporter.
1822
1823Key
1824
1825`otel.exporter.<id>.tls.ca-certificate`
1826
1827Type / Values
1828
1829`string`
1830
1831Details
1832
1833CA certificate path for OTEL exporter TLS.
1834
1835Key
1836
1837`otel.exporter.<id>.tls.client-certificate`
1838
1839Type / Values
1840
1841`string`
1842
1843Details
1844
1845Client certificate path for OTEL exporter TLS.
1846
1847Key
1848
1849`otel.exporter.<id>.tls.client-private-key`
1850
1851Type / Values
1852
1853`string`
1854
1855Details
1856
1857Client private key path for OTEL exporter TLS.
1858
1859Key
1860
1861`otel.log_user_prompt`
1862
1863Type / Values
1864
1865`boolean`
1866
1867Details
1868
1869Opt in to exporting raw user prompts with OpenTelemetry logs.
1870
1871Key
1872
1873`otel.metrics_exporter`
1874
1875Type / Values
1876
1877`none | statsig | otlp-http | otlp-grpc`
1878
1879Details
1880
1881Select the OpenTelemetry metrics exporter (defaults to `statsig`).
1882
1883Key
1884
1885`otel.trace_exporter`
1886
1887Type / Values
1888
1889`none | otlp-http | otlp-grpc`
1890
1891Details
1892
1893Select the OpenTelemetry trace exporter and provide any endpoint metadata.
1894
1895Key
1896
1897`otel.trace_exporter.<id>.endpoint`
1898
1899Type / Values
1900
1901`string`
1902
1903Details
1904
1905Trace exporter endpoint for OTEL logs.
1906
1907Key
1908
1909`otel.trace_exporter.<id>.headers`
1910
1911Type / Values
1912
1913`map<string,string>`
1914
1915Details
1916
1917Static headers included with OTEL trace exporter requests.
1918
1919Key
1920
1921`otel.trace_exporter.<id>.protocol`
1922
1923Type / Values
1924
1925`binary | json`
1926
1927Details
1928
1929Protocol used by the OTLP/HTTP trace exporter.
1930
1931Key
1932
1933`otel.trace_exporter.<id>.tls.ca-certificate`
1934
1935Type / Values
1936
1937`string`
1938
1939Details
1940
1941CA certificate path for OTEL trace exporter TLS.
1942
1943Key
1944
1945`otel.trace_exporter.<id>.tls.client-certificate`
1946
1947Type / Values
1948
1949`string`
1950
1951Details
1952
1953Client certificate path for OTEL trace exporter TLS.
1954
1955Key
1956
1957`otel.trace_exporter.<id>.tls.client-private-key`
1958
1959Type / Values
1960
1961`string`
1962
1963Details
1964
1965Client private key path for OTEL trace exporter TLS.
1966
1967Key
1968
1969`permissions.network.admin_url`
1970
1971Type / Values
1972
1973`string`
1974
1975Details
1976
1977Admin endpoint for the managed network proxy.
1978
1979Key
1980
1981`permissions.network.allow_local_binding`
1982
1983Type / Values
1984
1985`boolean`
1986
1987Details
1988
1989Permit local bind/listen operations through the managed proxy.
1990
1991Key
1992
1993`permissions.network.allow_unix_sockets`
1994
1995Type / Values
1996
1997`array<string>`
1998
1999Details
2000
2001Allowlist of Unix socket paths permitted through the managed proxy.
2002
2003Key
2004
2005`permissions.network.allow_upstream_proxy`
2006
2007Type / Values
2008
2009`boolean`
2010
2011Details
2012
2013Allow the managed proxy to chain to another upstream proxy.
2014
2015Key
2016
2017`permissions.network.allowed_domains`
2018
2019Type / Values
2020
2021`array<string>`
2022
2023Details
2024
2025Allowlist of domains permitted through the managed proxy.
2026
2027Key
2028
2029`permissions.network.dangerously_allow_all_unix_sockets`
2030
2031Type / Values
2032
2033`boolean`
2034
2035Details
2036
2037Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.
2038
2039Key
2040
2041`permissions.network.dangerously_allow_non_loopback_admin`
2042
2043Type / Values
2044
2045`boolean`
2046
2047Details
2048
2049Permit non-loopback bind addresses for the managed proxy admin listener.
2050
2051Key
2052
2053`permissions.network.dangerously_allow_non_loopback_proxy`
2054
2055Type / Values
2056
2057`boolean`
2058
2059Details
2060
2061Permit non-loopback bind addresses for the managed proxy listener.
2062
2063Key
2064
2065`permissions.network.denied_domains`
2066
2067Type / Values
2068
2069`array<string>`
2070
2071Details
2072
2073Denylist of domains blocked by the managed proxy.
2074
2075Key
2076
2077`permissions.network.enable_socks5`
2078
2079Type / Values
2080
2081`boolean`
2082
2083Details
2084
2085Expose a SOCKS5 listener from the managed network proxy.
2086
2087Key
2088
2089`permissions.network.enable_socks5_udp`
2090
2091Type / Values
2092
2093`boolean`
2094
2095Details
2096
2097Allow UDP over the SOCKS5 listener when enabled.
2098
2099Key
2100
2101`permissions.network.enabled`
2102
2103Type / Values
2104
2105`boolean`
2106
2107Details
2108
2109Enable the managed network proxy configuration for subprocesses.
2110
2111Key
2112
2113`permissions.network.mode`
2114
2115Type / Values
2116
2117`limited | full`
2118
2119Details
2120
2121Network proxy mode used for subprocess traffic.
2122
2123Key
2124
2125`permissions.network.proxy_url`
2126
2127Type / Values
2128
2129`string`
2130
2131Details
2132
2133HTTP proxy endpoint used by the managed network proxy.
2134
2135Key
2136
2137`permissions.network.socks_url`
2138
2139Type / Values
2140
2141`string`
2142
2143Details
2144
2145SOCKS5 proxy endpoint used by the managed network proxy.
2146
2147Key
2148
2149`personality`
2150
2151Type / Values
2152
2153`none | friendly | pragmatic`
2154
2155Details
2156
2157Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.
2158
2159Key
2160
2161`plan_mode_reasoning_effort`
2162
2163Type / Values
2164
2165`none | minimal | low | medium | high | xhigh`
2166
2167Details
2168
2169Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.
2170
2171Key
2172
2173`profile`
2174
2175Type / Values
2176
2177`string`
2178
2179Details
2180
2181Default profile applied at startup (equivalent to `--profile`).
2182
2183Key
2184
2185`profiles.<name>.*`
2186
2187Type / Values
2188
2189`various`
2190
2191Details
2192
2193Profile-scoped overrides for any of the supported configuration keys.
2194
2195Key
2196
2197`profiles.<name>.analytics.enabled`
2198
2199Type / Values
2200
2201`boolean`
2202
2203Details
2204
2205Profile-scoped analytics enablement override.
2206
2207Key
2208
2209`profiles.<name>.experimental_use_unified_exec_tool`
2210
2211Type / Values
2212
2213`boolean`
2214
2215Details
2216
2217Legacy name for enabling unified exec; prefer `[features].unified_exec`.
2218
2219Key
2220
2221`profiles.<name>.model_catalog_json`
2222
2223Type / Values
2224
2225`string (path)`
2226
2227Details
2228
2229Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).
2230
2231Key
2232
2233`profiles.<name>.model_instructions_file`
2234
2235Type / Values
2236
2237`string (path)`
2238
2239Details
2240
2241Profile-scoped replacement for the built-in instruction file.
2242
2243Key
2244
2245`profiles.<name>.oss_provider`
2246
2247Type / Values
2248
2249`lmstudio | ollama`
2250
2251Details
2252
2253Profile-scoped OSS provider for `--oss` sessions.
2254
2255Key
2256
2257`profiles.<name>.personality`
2258
2259Type / Values
2260
2261`none | friendly | pragmatic`
2262
2263Details
2264
2265Profile-scoped communication style override for supported models.
2266
2267Key
2268
2269`profiles.<name>.plan_mode_reasoning_effort`
2270
2271Type / Values
2272
2273`none | minimal | low | medium | high | xhigh`
2274
2275Details
2276
2277Profile-scoped Plan-mode reasoning override.
2278
2279Key
2280
2281`profiles.<name>.service_tier`
2282
2283Type / Values
2284
2285`flex | fast`
2286
2287Details
2288
2289Profile-scoped service tier preference for new turns.
2290
2291Key
2292
2293`profiles.<name>.tools_view_image`
2294
2295Type / Values
2296
2297`boolean`
2298
2299Details
2300
2301Enable or disable the `view_image` tool in that profile.
2302
2303Key
2304
2305`profiles.<name>.web_search`
2306
2307Type / Values
2308
2309`disabled | cached | live`
2310
2311Details
2312
2313Profile-scoped web search mode override (default: `"cached"`).
2314
2315Key
2316
2317`profiles.<name>.windows.sandbox`
2318
2319Type / Values
2320
2321`unelevated | elevated`
2322
2323Details
2324
2325Profile-scoped Windows sandbox mode override.
2326
2327Key
2328
2329`project_doc_fallback_filenames`
2330
2331Type / Values
2332
2333`array<string>`
2334
2335Details
2336
2337Additional filenames to try when `AGENTS.md` is missing.
2338
2339Key
2340
2341`project_doc_max_bytes`
2342
2343Type / Values
2344
2345`number`
2346
2347Details
2348
2349Maximum bytes read from `AGENTS.md` when building project instructions.
2350
2351Key
2352
2353`project_root_markers`
2354
2355Type / Values
2356
2357`array<string>`
2358
2359Details
2360
2361List of project root marker filenames; used when searching parent directories for the project root.
2362
2363Key
2364
2365`projects.<path>.trust_level`
2366
2367Type / Values
2368
2369`string`
2370
2371Details
2372
2373Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.
2374
2375Key
2376
2377`review_model`
2378
2379Type / Values
2380
2381`string`
2382
2383Details
2384
2385Optional model override used by `/review` (defaults to the current session model).
2386
2387Key
2388
2389`sandbox_mode`
2390
2391Type / Values
2392
2393`read-only | workspace-write | danger-full-access`
2394
2395Details
2396
2397Sandbox policy for filesystem and network access during command execution.
2398
2399Key
2400
2401`sandbox_workspace_write.exclude_slash_tmp`
2402
2403Type / Values
2404
2405`boolean`
2406
2407Details
2408
2409Exclude `/tmp` from writable roots in workspace-write mode.
2410
2411Key
2412
2413`sandbox_workspace_write.exclude_tmpdir_env_var`
2414
2415Type / Values
2416
2417`boolean`
2418
2419Details
2420
2421Exclude `$TMPDIR` from writable roots in workspace-write mode.
2422
2423Key
2424
2425`sandbox_workspace_write.network_access`
2426
2427Type / Values
2428
2429`boolean`
2430
2431Details
2432
2433Allow outbound network access inside the workspace-write sandbox.
2434
2435Key
2436
2437`sandbox_workspace_write.writable_roots`
2438
2439Type / Values
2440
2441`array<string>`
2442
2443Details
2444
2445Additional writable roots when `sandbox_mode = "workspace-write"`.
2446
2447Key
2448
2449`service_tier`
2450
2451Type / Values
2452
2453`flex | fast`
2454
2455Details
2456
2457Preferred service tier for new turns. `fast` is honored only when the `features.fast_mode` gate is enabled.
2458
2459Key
2460
2461`shell_environment_policy.exclude`
2462
2463Type / Values
2464 15
246516`array<string>`For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).
2466
2467Details
2468
2469Glob patterns for removing environment variables after the defaults.
2470
2471Key
2472
2473`shell_environment_policy.experimental_use_profile`
2474
2475Type / Values
2476
2477`boolean`
2478
2479Details
2480
2481Use the user shell profile when spawning subprocesses.
2482
2483Key
2484
2485`shell_environment_policy.ignore_default_excludes`
2486
2487Type / Values
2488
2489`boolean`
2490
2491Details
2492
2493Keep variables containing KEY/SECRET/TOKEN before other filters run.
2494
2495Key
2496
2497`shell_environment_policy.include_only`
2498
2499Type / Values
2500
2501`array<string>`
2502
2503Details
2504
2505Whitelist of patterns; when set only matching variables are kept.
2506
2507Key
2508
2509`shell_environment_policy.inherit`
2510
2511Type / Values
2512
2513`all | core | none`
2514
2515Details
2516
2517Baseline environment inheritance when spawning subprocesses.
2518
2519Key
2520
2521`shell_environment_policy.set`
2522
2523Type / Values
2524
2525`map<string,string>`
2526
2527Details
2528
2529Explicit environment overrides injected into every subprocess.
2530
2531Key
2532
2533`show_raw_agent_reasoning`
2534
2535Type / Values
2536
2537`boolean`
2538
2539Details
2540
2541Surface raw reasoning content when the active model emits it.
2542
2543Key
2544
2545`skills.config`
2546
2547Type / Values
2548
2549`array<object>`
2550
2551Details
2552
2553Per-skill enablement overrides stored in config.toml.
2554
2555Key
2556
2557`skills.config.<index>.enabled`
2558
2559Type / Values
2560
2561`boolean`
2562
2563Details
2564
2565Enable or disable the referenced skill.
2566
2567Key
2568
2569`skills.config.<index>.path`
2570
2571Type / Values
2572
2573`string (path)`
2574
2575Details
2576
2577Path to a skill folder containing `SKILL.md`.
2578
2579Key
2580
2581`sqlite_home`
2582
2583Type / Values
2584
2585`string (path)`
2586
2587Details
2588
2589Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.
2590
2591Key
2592
2593`suppress_unstable_features_warning`
2594
2595Type / Values
2596
2597`boolean`
2598
2599Details
2600
2601Suppress the warning that appears when under-development feature flags are enabled.
2602
2603Key
2604
2605`tool_output_token_limit`
2606
2607Type / Values
2608
2609`number`
2610
2611Details
2612
2613Token budget for storing individual tool/function outputs in history.
2614
2615Key
2616
2617`tools.view_image`
2618
2619Type / Values
2620
2621`boolean`
2622
2623Details
2624
2625Enable the local-image attachment tool `view_image`.
2626
2627Key
2628
2629`tools.web_search`
2630
2631Type / Values
2632
2633`boolean`
2634
2635Details
2636
2637Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.
2638
2639Key
2640
2641`tui`
2642
2643Type / Values
2644
2645`table`
2646
2647Details
2648
2649TUI-specific options such as enabling inline desktop notifications.
2650
2651Key
2652
2653`tui.alternate_screen`
2654
2655Type / Values
2656
2657`auto | always | never`
2658
2659Details
2660
2661Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).
2662
2663Key
2664
2665`tui.animations`
2666
2667Type / Values
2668
2669`boolean`
2670
2671Details
2672
2673Enable terminal animations (welcome screen, shimmer, spinner) (default: true).
2674
2675Key
2676
2677`tui.model_availability_nux.<model>`
2678
2679Type / Values
2680
2681`integer`
2682
2683Details
2684
2685Internal startup-tooltip state keyed by model slug.
2686
2687Key
2688
2689`tui.notification_method`
2690
2691Type / Values
2692
2693`auto | osc9 | bel`
2694
2695Details
2696
2697Notification method for unfocused terminal notifications (default: auto).
2698
2699Key
2700
2701`tui.notifications`
2702
2703Type / Values
2704
2705`boolean | array<string>`
2706
2707Details
2708
2709Enable TUI notifications; optionally restrict to specific event types.
2710
2711Key
2712
2713`tui.show_tooltips`
2714
2715Type / Values
2716
2717`boolean`
2718
2719Details
2720
2721Show onboarding tooltips in the TUI welcome screen (default: true).
2722
2723Key
2724
2725`tui.status_line`
2726
2727Type / Values
2728
2729`array<string> | null`
2730
2731Details
2732
2733Ordered list of TUI footer status-line item identifiers. `null` disables the status line.
2734
2735Key
2736
2737`tui.theme`
2738
2739Type / Values
2740
2741`string`
2742
2743Details
2744
2745Syntax-highlighting theme override (kebab-case theme name).
2746
2747Key
2748
2749`web_search`
2750
2751Type / Values
2752
2753`disabled | cached | live`
2754
2755Details
2756
2757Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.
2758
2759Key
2760
2761`windows_wsl_setup_acknowledged`
2762
2763Type / Values
2764
2765`boolean`
2766
2767Details
2768
2769Track Windows onboarding acknowledgement (Windows only).
2770
2771Key
2772
2773`windows.sandbox`
2774
2775Type / Values
2776
2777`unelevated | elevated`
2778
2779Details
2780
2781Windows-only native sandbox mode when running Codex natively on Windows.
2782 17
278318Expand to view all<ConfigTable
19 options={[
20 {
21 key: "model",
22 type: "string",
23 description: "Model to use (e.g., `gpt-5.5`).",
24 },
25 {
26 key: "review_model",
27 type: "string",
28 description:
29 "Optional model override used by `/review` (defaults to the current session model).",
30 },
31 {
32 key: "model_provider",
33 type: "string",
34 description: "Provider id from `model_providers` (default: `openai`).",
35 },
36 {
37 key: "openai_base_url",
38 type: "string",
39 description:
40 "Base URL override for the built-in `openai` model provider.",
41 },
42 {
43 key: "model_context_window",
44 type: "number",
45 description: "Context window tokens available to the active model.",
46 },
47 {
48 key: "model_auto_compact_token_limit",
49 type: "number",
50 description:
51 "Token threshold that triggers automatic history compaction (unset uses model defaults).",
52 },
53 {
54 key: "model_catalog_json",
55 type: "string (path)",
56 description:
57 "Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.",
58 },
59 {
60 key: "oss_provider",
61 type: "lmstudio | ollama",
62 description:
63 "Default local provider used when running with `--oss` (defaults to prompting if unset).",
64 },
65 {
66 key: "approval_policy",
67 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",
68 description:
69 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",
70 },
71 {
72 key: "approval_policy.granular.sandbox_approval",
73 type: "boolean",
74 description:
75 "When `true`, sandbox escalation approval prompts are allowed to surface.",
76 },
77 {
78 key: "approval_policy.granular.rules",
79 type: "boolean",
80 description:
81 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",
82 },
83 {
84 key: "approval_policy.granular.mcp_elicitations",
85 type: "boolean",
86 description:
87 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",
88 },
89 {
90 key: "approval_policy.granular.request_permissions",
91 type: "boolean",
92 description:
93 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",
94 },
95 {
96 key: "approval_policy.granular.skill_approval",
97 type: "boolean",
98 description:
99 "When `true`, skill-script approval prompts are allowed to surface.",
100 },
101 {
102 key: "approvals_reviewer",
103 type: "user | auto_review",
104 description:
105 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",
106 },
107 {
108 key: "auto_review.policy",
109 type: "string",
110 description:
111 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",
112 },
113 {
114 key: "allow_login_shell",
115 type: "boolean",
116 description:
117 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",
118 },
119 {
120 key: "sandbox_mode",
121 type: "read-only | workspace-write | danger-full-access",
122 description:
123 "Sandbox policy for filesystem and network access during command execution.",
124 },
125 {
126 key: "sandbox_workspace_write.writable_roots",
127 type: "array<string>",
128 description:
129 'Additional writable roots when `sandbox_mode = "workspace-write"`.',
130 },
131 {
132 key: "sandbox_workspace_write.network_access",
133 type: "boolean",
134 description:
135 "Allow outbound network access inside the workspace-write sandbox.",
136 },
137 {
138 key: "sandbox_workspace_write.exclude_tmpdir_env_var",
139 type: "boolean",
140 description:
141 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",
142 },
143 {
144 key: "sandbox_workspace_write.exclude_slash_tmp",
145 type: "boolean",
146 description:
147 "Exclude `/tmp` from writable roots in workspace-write mode.",
148 },
149 {
150 key: "windows.sandbox",
151 type: "unelevated | elevated",
152 description:
153 "Windows-only native sandbox mode when running Codex natively on Windows.",
154 },
155 {
156 key: "windows.sandbox_private_desktop",
157 type: "boolean",
158 description:
159 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",
160 },
161 {
162 key: "notify",
163 type: "array<string>",
164 description:
165 "Command invoked for notifications; receives a JSON payload from Codex.",
166 },
167 {
168 key: "check_for_update_on_startup",
169 type: "boolean",
170 description:
171 "Check for Codex updates on startup (set to false only when updates are centrally managed).",
172 },
173 {
174 key: "feedback.enabled",
175 type: "boolean",
176 description:
177 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",
178 },
179 {
180 key: "analytics.enabled",
181 type: "boolean",
182 description:
183 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",
184 },
185 {
186 key: "instructions",
187 type: "string",
188 description:
189 "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.",
190 },
191 {
192 key: "developer_instructions",
193 type: "string",
194 description:
195 "Additional developer instructions injected into the session (optional).",
196 },
197 {
198 key: "log_dir",
199 type: "string (path)",
200 description:
201 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",
202 },
203 {
204 key: "sqlite_home",
205 type: "string (path)",
206 description:
207 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",
208 },
209 {
210 key: "compact_prompt",
211 type: "string",
212 description: "Inline override for the history compaction prompt.",
213 },
214 {
215 key: "commit_attribution",
216 type: "string",
217 description:
218 'Commit co-author trailer used when `[features].codex_git_commit` is enabled. Defaults to `Codex <noreply@openai.com>`; set `""` to disable.',
219 },
220 {
221 key: "model_instructions_file",
222 type: "string (path)",
223 description:
224 "Replacement for built-in instructions instead of `AGENTS.md`.",
225 },
226 {
227 key: "personality",
228 type: "none | friendly | pragmatic",
229 description:
230 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",
231 },
232 {
233 key: "service_tier",
234 type: "string",
235 description:
236 "Preferred service tier for new turns. Built-in values include `flex` and `fast`; legacy `fast` config maps to the request value `priority`, and catalog-provided tier IDs can also be stored.",
237 },
238 {
239 key: "experimental_compact_prompt_file",
240 type: "string (path)",
241 description:
242 "Load the compaction prompt override from a file (experimental).",
243 },
244 {
245 key: "skills.config",
246 type: "array<object>",
247 description: "Per-skill enablement overrides stored in config.toml.",
248 },
249 {
250 key: "skills.config.<index>.path",
251 type: "string (path)",
252 description: "Path to a skill folder containing `SKILL.md`.",
253 },
254 {
255 key: "skills.config.<index>.enabled",
256 type: "boolean",
257 description: "Enable or disable the referenced skill.",
258 },
259 {
260 key: "apps.<id>.enabled",
261 type: "boolean",
262 description:
263 "Enable or disable a specific app/connector by id (default: true).",
264 },
265 {
266 key: "apps._default.enabled",
267 type: "boolean",
268 description:
269 "Default app enabled state for all apps unless overridden per app.",
270 },
271 {
272 key: "apps._default.destructive_enabled",
273 type: "boolean",
274 description:
275 "Default allow/deny for app tools with `destructive_hint = true`.",
276 },
277 {
278 key: "apps._default.open_world_enabled",
279 type: "boolean",
280 description:
281 "Default allow/deny for app tools with `open_world_hint = true`.",
282 },
283 {
284 key: "apps.<id>.destructive_enabled",
285 type: "boolean",
286 description:
287 "Allow or block tools in this app that advertise `destructive_hint = true`.",
288 },
289 {
290 key: "apps.<id>.open_world_enabled",
291 type: "boolean",
292 description:
293 "Allow or block tools in this app that advertise `open_world_hint = true`.",
294 },
295 {
296 key: "apps.<id>.default_tools_enabled",
297 type: "boolean",
298 description:
299 "Default enabled state for tools in this app unless a per-tool override exists.",
300 },
301 {
302 key: "apps.<id>.default_tools_approval_mode",
303 type: "auto | prompt | approve",
304 description:
305 "Default approval behavior for tools in this app unless a per-tool override exists.",
306 },
307 {
308 key: "apps.<id>.tools.<tool>.enabled",
309 type: "boolean",
310 description:
311 "Per-tool enabled override for an app tool (for example `repos/list`).",
312 },
313 {
314 key: "apps.<id>.tools.<tool>.approval_mode",
315 type: "auto | prompt | approve",
316 description: "Per-tool approval behavior override for a single app tool.",
317 },
318 {
319 key: "tool_suggest.discoverables",
320 type: "array<table>",
321 description:
322 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',
323 },
324 {
325 key: "tool_suggest.disabled_tools",
326 type: "array<table>",
327 description:
328 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',
329 },
330 {
331 key: "features.apps",
332 type: "boolean",
333 description: "Enable ChatGPT Apps/connectors support (experimental).",
334 },
335 {
336 key: "features.hooks",
337 type: "boolean",
338 description:
339 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. `features.codex_hooks` is a deprecated alias.",
340 },
341 {
342 key: "features.codex_git_commit",
343 type: "boolean",
344 description:
345 "Enable Codex-generated git commits. When enabled, Codex uses `commit_attribution` to append a `Co-authored-by:` trailer to generated commit messages.",
346 },
347 {
348 key: "hooks",
349 type: "table",
350 description:
351 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",
352 },
353 {
354 key: "features.plugin_hooks",
355 type: "boolean",
356 description:
357 "Opt into lifecycle hooks bundled with enabled plugins. Off by default in this release; set to `true` to opt in.",
358 },
359 {
360 key: "features.memories",
361 type: "boolean",
362 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",
363 },
364 {
365 key: "mcp_servers.<id>.command",
366 type: "string",
367 description: "Launcher command for an MCP stdio server.",
368 },
369 {
370 key: "mcp_servers.<id>.args",
371 type: "array<string>",
372 description: "Arguments passed to the MCP stdio server command.",
373 },
374 {
375 key: "mcp_servers.<id>.env",
376 type: "map<string,string>",
377 description: "Environment variables forwarded to the MCP stdio server.",
378 },
379 {
380 key: "mcp_servers.<id>.env_vars",
381 type: 'array<string | { name = string, source = "local" | "remote" }>',
382 description:
383 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',
384 },
385 {
386 key: "mcp_servers.<id>.cwd",
387 type: "string",
388 description: "Working directory for the MCP stdio server process.",
389 },
390 {
391 key: "mcp_servers.<id>.url",
392 type: "string",
393 description: "Endpoint for an MCP streamable HTTP server.",
394 },
395 {
396 key: "mcp_servers.<id>.bearer_token_env_var",
397 type: "string",
398 description:
399 "Environment variable sourcing the bearer token for an MCP HTTP server.",
400 },
401 {
402 key: "mcp_servers.<id>.http_headers",
403 type: "map<string,string>",
404 description: "Static HTTP headers included with each MCP HTTP request.",
405 },
406 {
407 key: "mcp_servers.<id>.env_http_headers",
408 type: "map<string,string>",
409 description:
410 "HTTP headers populated from environment variables for an MCP HTTP server.",
411 },
412 {
413 key: "mcp_servers.<id>.enabled",
414 type: "boolean",
415 description: "Disable an MCP server without removing its configuration.",
416 },
417 {
418 key: "mcp_servers.<id>.required",
419 type: "boolean",
420 description:
421 "When true, fail startup/resume if this enabled MCP server cannot initialize.",
422 },
423 {
424 key: "mcp_servers.<id>.startup_timeout_sec",
425 type: "number",
426 description:
427 "Override the default 10s startup timeout for an MCP server.",
428 },
429 {
430 key: "mcp_servers.<id>.startup_timeout_ms",
431 type: "number",
432 description: "Alias for `startup_timeout_sec` in milliseconds.",
433 },
434 {
435 key: "mcp_servers.<id>.tool_timeout_sec",
436 type: "number",
437 description:
438 "Override the default 60s per-tool timeout for an MCP server.",
439 },
440 {
441 key: "mcp_servers.<id>.enabled_tools",
442 type: "array<string>",
443 description: "Allow list of tool names exposed by the MCP server.",
444 },
445 {
446 key: "mcp_servers.<id>.disabled_tools",
447 type: "array<string>",
448 description:
449 "Deny list applied after `enabled_tools` for the MCP server.",
450 },
451 {
452 key: "mcp_servers.<id>.default_tools_approval_mode",
453 type: "auto | prompt | approve",
454 description:
455 "Default approval behavior for MCP tools on this server unless a per-tool override exists.",
456 },
457 {
458 key: "mcp_servers.<id>.tools.<tool>.approval_mode",
459 type: "auto | prompt | approve",
460 description:
461 "Per-tool approval behavior override for one MCP tool on this server.",
462 },
463 {
464 key: "mcp_servers.<id>.scopes",
465 type: "array<string>",
466 description:
467 "OAuth scopes to request when authenticating to that MCP server.",
468 },
469 {
470 key: "mcp_servers.<id>.oauth_resource",
471 type: "string",
472 description:
473 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",
474 },
475 {
476 key: "mcp_servers.<id>.experimental_environment",
477 type: "local | remote",
478 description:
479 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",
480 },
481 {
482 key: "agents.max_threads",
483 type: "number",
484 description:
485 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",
486 },
487 {
488 key: "agents.max_depth",
489 type: "number",
490 description:
491 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",
492 },
493 {
494 key: "agents.job_max_runtime_seconds",
495 type: "number",
496 description:
497 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",
498 },
499 {
500 key: "agents.<name>.description",
501 type: "string",
502 description:
503 "Role guidance shown to Codex when choosing and spawning that agent type.",
504 },
505 {
506 key: "agents.<name>.config_file",
507 type: "string (path)",
508 description:
509 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",
510 },
511 {
512 key: "agents.<name>.nickname_candidates",
513 type: "array<string>",
514 description:
515 "Optional pool of display nicknames for spawned agents in that role.",
516 },
517 {
518 key: "memories.generate_memories",
519 type: "boolean",
520 description:
521 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",
522 },
523 {
524 key: "memories.use_memories",
525 type: "boolean",
526 description:
527 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",
528 },
529 {
530 key: "memories.disable_on_external_context",
531 type: "boolean",
532 description:
533 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",
534 },
535 {
536 key: "memories.max_raw_memories_for_consolidation",
537 type: "number",
538 description:
539 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",
540 },
541 {
542 key: "memories.max_unused_days",
543 type: "number",
544 description:
545 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",
546 },
547 {
548 key: "memories.max_rollout_age_days",
549 type: "number",
550 description:
551 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",
552 },
553 {
554 key: "memories.max_rollouts_per_startup",
555 type: "number",
556 description:
557 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",
558 },
559 {
560 key: "memories.min_rollout_idle_hours",
561 type: "number",
562 description:
563 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",
564 },
565 {
566 key: "memories.min_rate_limit_remaining_percent",
567 type: "number",
568 description:
569 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",
570 },
571 {
572 key: "memories.extract_model",
573 type: "string",
574 description: "Optional model override for per-thread memory extraction.",
575 },
576 {
577 key: "memories.consolidation_model",
578 type: "string",
579 description: "Optional model override for global memory consolidation.",
580 },
581 {
582 key: "features.unified_exec",
583 type: "boolean",
584 description:
585 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",
586 },
587 {
588 key: "features.shell_snapshot",
589 type: "boolean",
590 description:
591 "Snapshot shell environment to speed up repeated commands (stable; on by default).",
592 },
593 {
594 key: "features.undo",
595 type: "boolean",
596 description: "Enable undo support (stable; off by default).",
597 },
598 {
599 key: "features.multi_agent",
600 type: "boolean",
601 description:
602 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",
603 },
604 {
605 key: "features.personality",
606 type: "boolean",
607 description:
608 "Enable personality selection controls (stable; on by default).",
609 },
610 {
611 key: "features.network_proxy",
612 type: "boolean | table",
613 description:
614 "Enable sandboxed networking. Use a table form when setting network policy options such as `domains` (experimental; off by default).",
615 },
616 {
617 key: "features.network_proxy.enabled",
618 type: "boolean",
619 description: "Enable sandboxed networking. Defaults to `false`.",
620 },
621 {
622 key: "features.network_proxy.domains",
623 type: "map<string, allow | deny>",
624 description:
625 "Domain policy for sandboxed networking. Unset by default, which means no external destinations are allowed until you add `allow` rules. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules; prefer scoped rules because `*` broadly opens public outbound access. Add `deny` rules for blocked destinations; `deny` wins on conflicts.",
626 },
627 {
628 key: "features.network_proxy.unix_sockets",
629 type: "map<string, allow | none>",
630 description:
631 "Unix socket policy for sandboxed networking. Unset by default; add `allow` entries for permitted sockets.",
632 },
633 {
634 key: "features.network_proxy.allow_local_binding",
635 type: "boolean",
636 description:
637 "Allow broader local/private-network access. Defaults to `false`; exact local IP literal or `localhost` allow rules can still permit specific local targets.",
638 },
639 {
640 key: "features.network_proxy.enable_socks5",
641 type: "boolean",
642 description: "Expose SOCKS5 support. Defaults to `true`.",
643 },
644 {
645 key: "features.network_proxy.enable_socks5_udp",
646 type: "boolean",
647 description: "Allow UDP over SOCKS5. Defaults to `true`.",
648 },
649 {
650 key: "features.network_proxy.allow_upstream_proxy",
651 type: "boolean",
652 description:
653 "Allow chaining through an upstream proxy from the environment. Defaults to `true`.",
654 },
655 {
656 key: "features.network_proxy.dangerously_allow_non_loopback_proxy",
657 type: "boolean",
658 description:
659 "Permit non-loopback listener addresses. Defaults to `false`; enabling it can expose proxy listeners beyond localhost.",
660 },
661 {
662 key: "features.network_proxy.dangerously_allow_all_unix_sockets",
663 type: "boolean",
664 description:
665 "Permit arbitrary Unix socket destinations instead of allowlist-only access. Defaults to `false`; use only in tightly controlled environments.",
666 },
667 {
668 key: "features.network_proxy.proxy_url",
669 type: "string",
670 description:
671 'HTTP listener URL for sandboxed networking. Defaults to `"http://127.0.0.1:3128"`.',
672 },
673 {
674 key: "features.network_proxy.socks_url",
675 type: "string",
676 description:
677 'SOCKS5 listener URL. Defaults to `"http://127.0.0.1:8081"`.',
678 },
679 {
680 key: "features.web_search",
681 type: "boolean",
682 description:
683 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",
684 },
685 {
686 key: "features.web_search_cached",
687 type: "boolean",
688 description:
689 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',
690 },
691 {
692 key: "features.web_search_request",
693 type: "boolean",
694 description:
695 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',
696 },
697 {
698 key: "features.shell_tool",
699 type: "boolean",
700 description:
701 "Enable the default `shell` tool for running commands (stable; on by default).",
702 },
703 {
704 key: "features.enable_request_compression",
705 type: "boolean",
706 description:
707 "Compress streaming request bodies with zstd when supported (stable; on by default).",
708 },
709 {
710 key: "features.skill_mcp_dependency_install",
711 type: "boolean",
712 description:
713 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",
714 },
715 {
716 key: "features.fast_mode",
717 type: "boolean",
718 description:
719 "Enable model-catalog service tier selection in the TUI, including Fast-tier commands when the active model advertises them (stable; on by default).",
720 },
721 {
722 key: "features.prevent_idle_sleep",
723 type: "boolean",
724 description:
725 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",
726 },
727 {
728 key: "suppress_unstable_features_warning",
729 type: "boolean",
730 description:
731 "Suppress the warning that appears when under-development feature flags are enabled.",
732 },
733 {
734 key: "model_providers.<id>",
735 type: "table",
736 description:
737 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",
738 },
739 {
740 key: "model_providers.<id>.name",
741 type: "string",
742 description: "Display name for a custom model provider.",
743 },
744 {
745 key: "model_providers.<id>.base_url",
746 type: "string",
747 description: "API base URL for the model provider.",
748 },
749 {
750 key: "model_providers.<id>.env_key",
751 type: "string",
752 description: "Environment variable supplying the provider API key.",
753 },
754 {
755 key: "model_providers.<id>.env_key_instructions",
756 type: "string",
757 description: "Optional setup guidance for the provider API key.",
758 },
759 {
760 key: "model_providers.<id>.experimental_bearer_token",
761 type: "string",
762 description:
763 "Direct bearer token for the provider (discouraged; use `env_key`).",
764 },
765 {
766 key: "model_providers.<id>.requires_openai_auth",
767 type: "boolean",
768 description:
769 "The provider uses OpenAI authentication (defaults to false).",
770 },
771 {
772 key: "model_providers.<id>.wire_api",
773 type: "responses",
774 description:
775 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",
776 },
777 {
778 key: "model_providers.<id>.query_params",
779 type: "map<string,string>",
780 description: "Extra query parameters appended to provider requests.",
781 },
782 {
783 key: "model_providers.<id>.http_headers",
784 type: "map<string,string>",
785 description: "Static HTTP headers added to provider requests.",
786 },
787 {
788 key: "model_providers.<id>.env_http_headers",
789 type: "map<string,string>",
790 description:
791 "HTTP headers populated from environment variables when present.",
792 },
793 {
794 key: "model_providers.<id>.request_max_retries",
795 type: "number",
796 description:
797 "Retry count for HTTP requests to the provider (default: 4).",
798 },
799 {
800 key: "model_providers.<id>.stream_max_retries",
801 type: "number",
802 description: "Retry count for SSE streaming interruptions (default: 5).",
803 },
804 {
805 key: "model_providers.<id>.stream_idle_timeout_ms",
806 type: "number",
807 description:
808 "Idle timeout for SSE streams in milliseconds (default: 300000).",
809 },
810 {
811 key: "model_providers.<id>.supports_websockets",
812 type: "boolean",
813 description:
814 "Whether that provider supports the Responses API WebSocket transport.",
815 },
816 {
817 key: "model_providers.<id>.auth",
818 type: "table",
819 description:
820 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",
821 },
822 {
823 key: "model_providers.<id>.auth.command",
824 type: "string",
825 description:
826 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",
827 },
828 {
829 key: "model_providers.<id>.auth.args",
830 type: "array<string>",
831 description: "Arguments passed to the token command.",
832 },
833 {
834 key: "model_providers.<id>.auth.timeout_ms",
835 type: "number",
836 description:
837 "Maximum token command runtime in milliseconds (default: 5000).",
838 },
839 {
840 key: "model_providers.<id>.auth.refresh_interval_ms",
841 type: "number",
842 description:
843 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",
844 },
845 {
846 key: "model_providers.<id>.auth.cwd",
847 type: "string (path)",
848 description: "Working directory for the token command.",
849 },
850 {
851 key: "model_providers.amazon-bedrock.aws.profile",
852 type: "string",
853 description:
854 "AWS profile name used by the built-in `amazon-bedrock` provider.",
855 },
856 {
857 key: "model_providers.amazon-bedrock.aws.region",
858 type: "string",
859 description: "AWS region used by the built-in `amazon-bedrock` provider.",
860 },
861 {
862 key: "model_reasoning_effort",
863 type: "minimal | low | medium | high | xhigh",
864 description:
865 "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).",
866 },
867 {
868 key: "plan_mode_reasoning_effort",
869 type: "none | minimal | low | medium | high | xhigh",
870 description:
871 "Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.",
872 },
873 {
874 key: "model_reasoning_summary",
875 type: "auto | concise | detailed | none",
876 description:
877 "Select reasoning summary detail or disable summaries entirely.",
878 },
879 {
880 key: "model_verbosity",
881 type: "low | medium | high",
882 description:
883 "Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.",
884 },
885 {
886 key: "model_supports_reasoning_summaries",
887 type: "boolean",
888 description: "Force Codex to send or not send reasoning metadata.",
889 },
890 {
891 key: "shell_environment_policy.inherit",
892 type: "all | core | none",
893 description:
894 "Baseline environment inheritance when spawning subprocesses.",
895 },
896 {
897 key: "shell_environment_policy.ignore_default_excludes",
898 type: "boolean",
899 description:
900 "Keep variables containing KEY/SECRET/TOKEN before other filters run.",
901 },
902 {
903 key: "shell_environment_policy.exclude",
904 type: "array<string>",
905 description:
906 "Glob patterns for removing environment variables after the defaults.",
907 },
908 {
909 key: "shell_environment_policy.include_only",
910 type: "array<string>",
911 description:
912 "Whitelist of patterns; when set only matching variables are kept.",
913 },
914 {
915 key: "shell_environment_policy.set",
916 type: "map<string,string>",
917 description:
918 "Explicit environment overrides injected into every subprocess.",
919 },
920 {
921 key: "shell_environment_policy.experimental_use_profile",
922 type: "boolean",
923 description: "Use the user shell profile when spawning subprocesses.",
924 },
925 {
926 key: "project_root_markers",
927 type: "array<string>",
928 description:
929 "List of project root marker filenames; used when searching parent directories for the project root.",
930 },
931 {
932 key: "project_doc_max_bytes",
933 type: "number",
934 description:
935 "Maximum bytes read from `AGENTS.md` when building project instructions.",
936 },
937 {
938 key: "project_doc_fallback_filenames",
939 type: "array<string>",
940 description: "Additional filenames to try when `AGENTS.md` is missing.",
941 },
942 {
943 key: "profile",
944 type: "string",
945 description:
946 "Default profile applied at startup (equivalent to `--profile`).",
947 },
948 {
949 key: "profiles.<name>.*",
950 type: "various",
951 description:
952 "Profile-scoped overrides for any of the supported configuration keys.",
953 },
954 {
955 key: "profiles.<name>.service_tier",
956 type: "string",
957 description: "Profile-scoped service tier preference for new turns.",
958 },
959 {
960 key: "profiles.<name>.plan_mode_reasoning_effort",
961 type: "none | minimal | low | medium | high | xhigh",
962 description: "Profile-scoped Plan-mode reasoning override.",
963 },
964 {
965 key: "profiles.<name>.web_search",
966 type: "disabled | cached | live",
967 description:
968 'Profile-scoped web search mode override (default: `"cached"`).',
969 },
970 {
971 key: "profiles.<name>.personality",
972 type: "none | friendly | pragmatic",
973 description:
974 "Profile-scoped communication style override for supported models.",
975 },
976 {
977 key: "profiles.<name>.model_catalog_json",
978 type: "string (path)",
979 description:
980 "Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).",
981 },
982 {
983 key: "profiles.<name>.model_instructions_file",
984 type: "string (path)",
985 description:
986 "Profile-scoped replacement for the built-in instruction file.",
987 },
988 {
989 key: "profiles.<name>.experimental_use_unified_exec_tool",
990 type: "boolean",
991 description:
992 "Legacy name for enabling unified exec; prefer `[features].unified_exec`.",
993 },
994 {
995 key: "profiles.<name>.oss_provider",
996 type: "lmstudio | ollama",
997 description: "Profile-scoped OSS provider for `--oss` sessions.",
998 },
999 {
1000 key: "profiles.<name>.tools_view_image",
1001 type: "boolean",
1002 description: "Enable or disable the `view_image` tool in that profile.",
1003 },
1004 {
1005 key: "profiles.<name>.analytics.enabled",
1006 type: "boolean",
1007 description: "Profile-scoped analytics enablement override.",
1008 },
1009 {
1010 key: "profiles.<name>.windows.sandbox",
1011 type: "unelevated | elevated",
1012 description: "Profile-scoped Windows sandbox mode override.",
1013 },
1014 {
1015 key: "history.persistence",
1016 type: "save-all | none",
1017 description:
1018 "Control whether Codex saves session transcripts to history.jsonl.",
1019 },
1020 {
1021 key: "tool_output_token_limit",
1022 type: "number",
1023 description:
1024 "Token budget for storing individual tool/function outputs in history.",
1025 },
1026 {
1027 key: "background_terminal_max_timeout",
1028 type: "number",
1029 description:
1030 "Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.",
1031 },
1032 {
1033 key: "history.max_bytes",
1034 type: "number",
1035 description:
1036 "If set, caps the history file size in bytes by dropping oldest entries.",
1037 },
1038 {
1039 key: "file_opener",
1040 type: "vscode | vscode-insiders | windsurf | cursor | none",
1041 description:
1042 "URI scheme used to open citations from Codex output (default: `vscode`).",
1043 },
1044 {
1045 key: "otel.environment",
1046 type: "string",
1047 description:
1048 "Environment tag applied to emitted OpenTelemetry events (default: `dev`).",
1049 },
1050 {
1051 key: "otel.exporter",
1052 type: "none | otlp-http | otlp-grpc",
1053 description:
1054 "Select the OpenTelemetry exporter and provide any endpoint metadata.",
1055 },
1056 {
1057 key: "otel.trace_exporter",
1058 type: "none | otlp-http | otlp-grpc",
1059 description:
1060 "Select the OpenTelemetry trace exporter and provide any endpoint metadata.",
1061 },
1062 {
1063 key: "otel.metrics_exporter",
1064 type: "none | statsig | otlp-http | otlp-grpc",
1065 description:
1066 "Select the OpenTelemetry metrics exporter (defaults to `statsig`).",
1067 },
1068 {
1069 key: "otel.log_user_prompt",
1070 type: "boolean",
1071 description:
1072 "Opt in to exporting raw user prompts with OpenTelemetry logs.",
1073 },
1074 {
1075 key: "otel.exporter.<id>.endpoint",
1076 type: "string",
1077 description: "Exporter endpoint for OTEL logs.",
1078 },
1079 {
1080 key: "otel.exporter.<id>.protocol",
1081 type: "binary | json",
1082 description: "Protocol used by the OTLP/HTTP exporter.",
1083 },
1084 {
1085 key: "otel.exporter.<id>.headers",
1086 type: "map<string,string>",
1087 description: "Static headers included with OTEL exporter requests.",
1088 },
1089 {
1090 key: "otel.trace_exporter.<id>.endpoint",
1091 type: "string",
1092 description: "Trace exporter endpoint for OTEL logs.",
1093 },
1094 {
1095 key: "otel.trace_exporter.<id>.protocol",
1096 type: "binary | json",
1097 description: "Protocol used by the OTLP/HTTP trace exporter.",
1098 },
1099 {
1100 key: "otel.trace_exporter.<id>.headers",
1101 type: "map<string,string>",
1102 description: "Static headers included with OTEL trace exporter requests.",
1103 },
1104 {
1105 key: "otel.exporter.<id>.tls.ca-certificate",
1106 type: "string",
1107 description: "CA certificate path for OTEL exporter TLS.",
1108 },
1109 {
1110 key: "otel.exporter.<id>.tls.client-certificate",
1111 type: "string",
1112 description: "Client certificate path for OTEL exporter TLS.",
1113 },
1114 {
1115 key: "otel.exporter.<id>.tls.client-private-key",
1116 type: "string",
1117 description: "Client private key path for OTEL exporter TLS.",
1118 },
1119 {
1120 key: "otel.trace_exporter.<id>.tls.ca-certificate",
1121 type: "string",
1122 description: "CA certificate path for OTEL trace exporter TLS.",
1123 },
1124 {
1125 key: "otel.trace_exporter.<id>.tls.client-certificate",
1126 type: "string",
1127 description: "Client certificate path for OTEL trace exporter TLS.",
1128 },
1129 {
1130 key: "otel.trace_exporter.<id>.tls.client-private-key",
1131 type: "string",
1132 description: "Client private key path for OTEL trace exporter TLS.",
1133 },
1134 {
1135 key: "tui",
1136 type: "table",
1137 description:
1138 "TUI-specific options such as enabling inline desktop notifications.",
1139 },
1140 {
1141 key: "tui.notifications",
1142 type: "boolean | array<string>",
1143 description:
1144 "Enable TUI notifications; optionally restrict to specific event types.",
1145 },
1146 {
1147 key: "tui.notification_method",
1148 type: "auto | osc9 | bel",
1149 description:
1150 "Notification method for terminal notifications (default: auto).",
1151 },
1152 {
1153 key: "tui.notification_condition",
1154 type: "unfocused | always",
1155 description:
1156 "Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.",
1157 },
1158 {
1159 key: "tui.animations",
1160 type: "boolean",
1161 description:
1162 "Enable terminal animations (welcome screen, shimmer, spinner) (default: true).",
1163 },
1164 {
1165 key: "tui.alternate_screen",
1166 type: "auto | always | never",
1167 description:
1168 "Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).",
1169 },
1170 {
1171 key: "tui.vim_mode_default",
1172 type: "boolean",
1173 description:
1174 "Start the composer in Vim normal mode instead of insert mode (default: false). You can still toggle it per session with `/vim`.",
1175 },
1176 {
1177 key: "tui.raw_output_mode",
1178 type: "boolean",
1179 description:
1180 "Start the TUI in raw scrollback mode for copy-friendly terminal selection (default: false). You can toggle it with `/raw` or the default `alt-r` key binding.",
1181 },
1182 {
1183 key: "tui.show_tooltips",
1184 type: "boolean",
1185 description:
1186 "Show onboarding tooltips in the TUI welcome screen (default: true).",
1187 },
1188 {
1189 key: "tui.status_line",
1190 type: "array<string> | null",
1191 description:
1192 "Ordered list of TUI footer status-line item identifiers. `null` disables the status line.",
1193 },
1194 {
1195 key: "tui.terminal_title",
1196 type: "array<string> | null",
1197 description:
1198 'Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.',
1199 },
1200 {
1201 key: "tui.theme",
1202 type: "string",
1203 description:
1204 "Syntax-highlighting theme override (kebab-case theme name).",
1205 },
1206 {
1207 key: "tui.keymap.<context>.<action>",
1208 type: "string | array<string>",
1209 description:
1210 "Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.",
1211 },
1212 {
1213 key: "tui.keymap.<context>.<action> = []",
1214 type: "empty array",
1215 description:
1216 "Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, `page-down`, or `minus`.",
1217 },
1218 {
1219 key: "plugins.<plugin>.mcp_servers.<server>.enabled",
1220 type: "boolean",
1221 description:
1222 "Enable or disable an MCP server bundled by an installed plugin without changing the plugin manifest.",
1223 },
1224 {
1225 key: "plugins.<plugin>.mcp_servers.<server>.default_tools_approval_mode",
1226 type: "auto | prompt | approve",
1227 description:
1228 "Default approval behavior for tools on a plugin-provided MCP server.",
1229 },
1230 {
1231 key: "plugins.<plugin>.mcp_servers.<server>.enabled_tools",
1232 type: "array<string>",
1233 description:
1234 "Allow list of tools exposed from a plugin-provided MCP server.",
1235 },
1236 {
1237 key: "plugins.<plugin>.mcp_servers.<server>.disabled_tools",
1238 type: "array<string>",
1239 description:
1240 "Deny list applied after `enabled_tools` for a plugin-provided MCP server.",
1241 },
1242 {
1243 key: "plugins.<plugin>.mcp_servers.<server>.tools.<tool>.approval_mode",
1244 type: "auto | prompt | approve",
1245 description:
1246 "Per-tool approval behavior override for a plugin-provided MCP tool.",
1247 },
1248 {
1249 key: "tui.model_availability_nux.<model>",
1250 type: "integer",
1251 description: "Internal startup-tooltip state keyed by model slug.",
1252 },
1253 {
1254 key: "hide_agent_reasoning",
1255 type: "boolean",
1256 description:
1257 "Suppress reasoning events in both the TUI and `codex exec` output.",
1258 },
1259 {
1260 key: "show_raw_agent_reasoning",
1261 type: "boolean",
1262 description:
1263 "Surface raw reasoning content when the active model emits it.",
1264 },
1265 {
1266 key: "disable_paste_burst",
1267 type: "boolean",
1268 description: "Disable burst-paste detection in the TUI.",
1269 },
1270 {
1271 key: "windows_wsl_setup_acknowledged",
1272 type: "boolean",
1273 description: "Track Windows onboarding acknowledgement (Windows only).",
1274 },
1275 {
1276 key: "chatgpt_base_url",
1277 type: "string",
1278 description: "Override the base URL used during the ChatGPT login flow.",
1279 },
1280 {
1281 key: "cli_auth_credentials_store",
1282 type: "file | keyring | auto",
1283 description:
1284 "Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).",
1285 },
1286 {
1287 key: "mcp_oauth_credentials_store",
1288 type: "auto | file | keyring",
1289 description: "Preferred store for MCP OAuth credentials.",
1290 },
1291 {
1292 key: "mcp_oauth_callback_port",
1293 type: "integer",
1294 description:
1295 "Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.",
1296 },
1297 {
1298 key: "mcp_oauth_callback_url",
1299 type: "string",
1300 description:
1301 "Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.",
1302 },
1303 {
1304 key: "experimental_use_unified_exec_tool",
1305 type: "boolean",
1306 description:
1307 "Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.",
1308 },
1309 {
1310 key: "tools.web_search",
1311 type: 'boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }',
1312 description:
1313 "Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.",
1314 },
1315 {
1316 key: "tools.view_image",
1317 type: "boolean",
1318 description: "Enable the local-image attachment tool `view_image`.",
1319 },
1320 {
1321 key: "web_search",
1322 type: "disabled | cached | live",
1323 description:
1324 'Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.',
1325 },
1326 {
1327 key: "default_permissions",
1328 type: "string",
1329 description:
1330 "Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.",
1331 },
1332 {
1333 key: "permissions.<name>.filesystem",
1334 type: "table",
1335 description:
1336 "Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.",
1337 },
1338 {
1339 key: "permissions.<name>.filesystem.glob_scan_max_depth",
1340 type: "number",
1341 description:
1342 "Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.",
1343 },
1344 {
1345 key: "permissions.<name>.filesystem.<path-or-glob>",
1346 type: '"read" | "write" | "none" | table',
1347 description:
1348 'Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.',
1349 },
1350 {
1351 key: 'permissions.<name>.filesystem.":project_roots".<subpath-or-glob>',
1352 type: '"read" | "write" | "none"',
1353 description:
1354 'Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.',
1355 },
1356 {
1357 key: "permissions.<name>.network.enabled",
1358 type: "boolean",
1359 description: "Enable network access for this named permissions profile.",
1360 },
1361 {
1362 key: "permissions.<name>.network.proxy_url",
1363 type: "string",
1364 description:
1365 "HTTP listener URL used when this permissions profile enables sandboxed networking.",
1366 },
1367 {
1368 key: "permissions.<name>.network.enable_socks5",
1369 type: "boolean",
1370 description:
1371 "Expose SOCKS5 support when this permissions profile enables sandboxed networking.",
1372 },
1373 {
1374 key: "permissions.<name>.network.socks_url",
1375 type: "string",
1376 description: "SOCKS5 proxy endpoint used by this permissions profile.",
1377 },
1378 {
1379 key: "permissions.<name>.network.enable_socks5_udp",
1380 type: "boolean",
1381 description: "Allow UDP over the SOCKS5 listener when enabled.",
1382 },
1383 {
1384 key: "permissions.<name>.network.allow_upstream_proxy",
1385 type: "boolean",
1386 description:
1387 "Allow sandboxed networking to chain through another upstream proxy.",
1388 },
1389 {
1390 key: "permissions.<name>.network.dangerously_allow_non_loopback_proxy",
1391 type: "boolean",
1392 description:
1393 "Permit non-loopback bind addresses for sandboxed networking listeners. Enabling it can expose listeners beyond localhost.",
1394 },
1395 {
1396 key: "permissions.<name>.network.dangerously_allow_all_unix_sockets",
1397 type: "boolean",
1398 description:
1399 "Allow arbitrary Unix socket destinations instead of the default restricted set. Use only in tightly controlled environments.",
1400 },
1401 {
1402 key: "permissions.<name>.network.domains",
1403 type: "map<string, allow | deny>",
1404 description:
1405 "Domain rules for sandboxed networking. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules. `deny` wins on conflicts.",
1406 },
1407 {
1408 key: "permissions.<name>.network.unix_sockets",
1409 type: "map<string, allow | none>",
1410 description:
1411 "Unix socket rules for sandboxed networking. Use socket paths as keys, with `allow` or `none` values.",
1412 },
1413 {
1414 key: "permissions.<name>.network.allow_local_binding",
1415 type: "boolean",
1416 description:
1417 "Permit broader local/private-network access through sandboxed networking. Exact local IP literal or `localhost` allow rules can still permit specific local targets when this stays `false`.",
1418 },
1419 {
1420 key: "projects.<path>.trust_level",
1421 type: "string",
1422 description:
1423 'Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.',
1424 },
1425 {
1426 key: "notice.hide_full_access_warning",
1427 type: "boolean",
1428 description: "Track acknowledgement of the full access warning prompt.",
1429 },
1430 {
1431 key: "notice.hide_world_writable_warning",
1432 type: "boolean",
1433 description:
1434 "Track acknowledgement of the Windows world-writable directories warning.",
1435 },
1436 {
1437 key: "notice.hide_rate_limit_model_nudge",
1438 type: "boolean",
1439 description: "Track opt-out of the rate limit model switch reminder.",
1440 },
1441 {
1442 key: "notice.hide_gpt5_1_migration_prompt",
1443 type: "boolean",
1444 description: "Track acknowledgement of the GPT-5.1 migration prompt.",
1445 },
1446 {
1447 key: "notice.hide_gpt-5.1-codex-max_migration_prompt",
1448 type: "boolean",
1449 description:
1450 "Track acknowledgement of the gpt-5.1-codex-max migration prompt.",
1451 },
1452 {
1453 key: "notice.model_migrations",
1454 type: "map<string,string>",
1455 description: "Track acknowledged model migrations as old->new mappings.",
1456 },
1457 {
1458 key: "forced_login_method",
1459 type: "chatgpt | api",
1460 description: "Restrict Codex to a specific authentication method.",
1461 },
1462 {
1463 key: "forced_chatgpt_workspace_id",
1464 type: "string (uuid)",
1465 description: "Limit ChatGPT logins to a specific workspace identifier.",
1466 },
1467 ]}
1468 client:load
1469/>
2784 1470
2785You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).1471You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).
2786 1472
2802Use `[features]` in `requirements.toml` to pin feature flags by the same1488Use `[features]` in `requirements.toml` to pin feature flags by the same
2803canonical keys that `config.toml` uses. Omitted keys remain unconstrained.1489canonical keys that `config.toml` uses. Omitted keys remain unconstrained.
2804 1490
28051491| Key | Type / Values | Details |<ConfigTable
28061492| --- | --- | --- | options={[
28071493| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). | {
28081494| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. | key: "allowed_approval_policies",
28091495| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. | type: "array<string>",
28101496| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. | description:
28111497| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. | "Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).",
28121498| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. | },
28131499| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). | {
28141500| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. | key: "allowed_approvals_reviewers",
28151501| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. | type: "array<string>",
28161502| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. | description:
28171503| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. | "Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.",
28181504| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). | },
28191505| `rules.prefix_rules[].justification` | `string` | Optional non-empty rationale surfaced in approval prompts or rejection messages. | {
28201506| `rules.prefix_rules[].pattern` | `array<table>` | Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. | key: "guardian_policy_config",
28211507| `rules.prefix_rules[].pattern[].any_of` | `array<string>` | A list of allowed alternative tokens at this position. | type: "string",
28221508| `rules.prefix_rules[].pattern[].token` | `string` | A single literal token at this position. | description:
28231509 "Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.",
28241510Key },
28251511 {
28261512`allowed_approval_policies` key: "allowed_sandbox_modes",
28271513 type: "array<string>",
28281514Type / Values description: "Allowed values for `sandbox_mode`.",
28291515 },
28301516`array<string>` {
28311517 key: "remote_sandbox_config",
28321518Details type: "array<table>",
28331519 description:
28341520Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). "Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.",
28351521 },
28361522Key {
28371523 key: "remote_sandbox_config[].hostname_patterns",
28381524`allowed_sandbox_modes` type: "array<string>",
28391525 description:
28401526Type / Values "Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.",
28411527 },
28421528`array<string>` {
28431529 key: "remote_sandbox_config[].allowed_sandbox_modes",
28441530Details type: "array<string>",
28451531 description:
28461532Allowed values for `sandbox_mode`. "Allowed sandbox modes to apply when this host-specific entry matches.",
28471533 },
28481534Key {
28491535 key: "allowed_web_search_modes",
28501536`allowed_web_search_modes` type: "array<string>",
28511537 description:
28521538Type / Values "Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.",
28531539 },
28541540`array<string>` {
28551541 key: "features",
28561542Details type: "table",
28571543 description:
28581544Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. "Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.",
28591545 },
28601546Key {
28611547 key: "features.<name>",
28621548`features` type: "boolean",
28631549 description:
28641550Type / Values "Require a specific canonical feature key to stay enabled or disabled.",
28651551 },
28661552`table` {
28671553 key: "features.in_app_browser",
28681554Details type: "boolean",
28691555 description:
28701556Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. "Set to `false` in `requirements.toml` to disable the in-app browser pane.",
28711557 },
28721558Key {
28731559 key: "features.browser_use",
28741560`features.<name>` type: "boolean",
28751561 description:
28761562Type / Values "Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.",
28771563 },
28781564`boolean` {
28791565 key: "features.computer_use",
28801566Details type: "boolean",
28811567 description:
28821568Require a specific canonical feature key to stay enabled or disabled. "Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.",
28831569 },
28841570Key {
28851571 key: "experimental_network",
28861572`mcp_servers` type: "table",
28871573 description:
28881574Type / Values "Network access requirements enforced from `requirements.toml`. These constraints are separate from `features.network_proxy` and can configure sandboxed networking without the user feature flag.",
28891575 },
28901576`table` {
28911577 key: "experimental_network.enabled",
28921578Details type: "boolean",
28931579 description:
28941580Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. "Enable sandboxed networking requirements. This does not grant network access when the active sandbox keeps command networking off.",
28951581 },
28961582Key {
28971583 key: "experimental_network.http_port",
28981584`mcp_servers.<id>.identity` type: "integer",
28991585 description:
29001586Type / Values "Loopback HTTP listener port to use for `[experimental_network]` requirements.",
29011587 },
29021588`table` {
29031589 key: "experimental_network.socks_port",
29041590Details type: "integer",
29051591 description:
29061592Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). "Loopback SOCKS5 listener port to use for `[experimental_network]` requirements.",
29071593 },
29081594Key {
29091595 key: "experimental_network.allow_upstream_proxy",
29101596`mcp_servers.<id>.identity.command` type: "boolean",
29111597 description:
29121598Type / Values "Allow sandboxed networking to chain through an upstream proxy from the environment.",
29131599 },
29141600`string` {
29151601 key: "experimental_network.dangerously_allow_non_loopback_proxy",
29161602Details type: "boolean",
29171603 description:
29181604Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. "Permit non-loopback listener addresses for `[experimental_network]` requirements. Enabling it can expose listeners beyond localhost.",
29191605 },
29201606Key {
29211607 key: "experimental_network.dangerously_allow_all_unix_sockets",
29221608`mcp_servers.<id>.identity.url` type: "boolean",
29231609 description:
29241610Type / Values "Permit arbitrary Unix socket destinations instead of allowlist-only access. Use only in tightly controlled environments.",
29251611 },
29261612`string` {
29271613 key: "experimental_network.domains",
29281614Details type: "map<string, allow | deny>",
29291615 description:
29301616Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. "Map-shaped administrator domain policy for sandboxed networking. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules; prefer scoped rules because `*` broadly opens public outbound access. `deny` wins on conflicts. Do not combine this with `experimental_network.allowed_domains` or `experimental_network.denied_domains`.",
29311617 },
29321618Key {
29331619 key: "experimental_network.allowed_domains",
29341620`rules` type: "array<string>",
29351621 description:
29361622Type / Values "List-shaped administrator allow rules for sandboxed networking. Do not combine this with `experimental_network.domains`.",
29371623 },
29381624`table` {
29391625 key: "experimental_network.denied_domains",
29401626Details type: "array<string>",
29411627 description:
29421628Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. "List-shaped administrator deny rules for sandboxed networking. Do not combine this with `experimental_network.domains`.",
29431629 },
29441630Key {
29451631 key: "experimental_network.managed_allowed_domains_only",
29461632`rules.prefix_rules` type: "boolean",
29471633 description:
29481634Type / Values "When `true`, only administrator-managed allow rules remain effective while sandboxed networking requirements are active; user allowlist additions are ignored. Without managed allow rules, user-added domain allow rules do not remain effective.",
29491635 },
29501636`array<table>` {
29511637 key: "experimental_network.unix_sockets",
29521638Details type: "map<string, allow | none>",
29531639 description:
29541640List of enforced prefix rules. Each rule must include `pattern` and `decision`. "Administrator-managed Unix socket policy for sandboxed networking.",
29551641 },
29561642Key {
29571643 key: "experimental_network.allow_local_binding",
29581644`rules.prefix_rules[].decision` type: "boolean",
29591645 description:
29601646Type / Values "Permit broader local/private-network access for sandboxed networking. Exact local IP literal or `localhost` allow rules can still permit specific local targets when this stays `false`.",
29611647 },
29621648`prompt | forbidden` {
29631649 key: "hooks",
29641650Details type: "table",
29651651 description:
29661652Required. Requirements rules can only prompt or forbid (not allow). "Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.",
29671653 },
29681654Key {
29691655 key: "hooks.managed_dir",
29701656`rules.prefix_rules[].justification` type: "string (absolute path)",
29711657 description:
29721658Type / Values "Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.",
29731659 },
29741660`string` {
29751661 key: "hooks.windows_managed_dir",
29761662Details type: "string (absolute path)",
29771663 description:
29781664Optional non-empty rationale surfaced in approval prompts or rejection messages. "Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.",
29791665 },
29801666Key {
29811667 key: "hooks.<Event>",
29821668`rules.prefix_rules[].pattern` type: "array<table>",
29831669 description:
29841670Type / Values "Matcher groups for a hook event such as `PreToolUse`, `PermissionRequest`, `PostToolUse`, `SessionStart`, `UserPromptSubmit`, or `Stop`.",
29851671 },
29861672`array<table>` {
29871673 key: "hooks.<Event>[].hooks",
29881674Details type: "array<table>",
29891675 description:
29901676Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. "Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.",
29911677 },
29921678Key {
29931679 key: "permissions.filesystem.deny_read",
29941680`rules.prefix_rules[].pattern[].any_of` type: "array<string>",
29951681 description:
29961682Type / Values "Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.",
29971683 },
29981684`array<string>` {
29991685 key: "mcp_servers",
30001686Details type: "table",
30011687 description:
30021688A list of allowed alternative tokens at this position. "Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.",
30031689 },
30041690Key {
30051691 key: "mcp_servers.<id>.identity",
30061692`rules.prefix_rules[].pattern[].token` type: "table",
30071693 description:
30081694Type / Values "Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).",
30091695 },
30101696`string` {
30111697 key: "mcp_servers.<id>.identity.command",
30121698Details type: "string",
30131699 description:
30141700A single literal token at this position. "Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.",
30151701 },
30161702Expand to view all {
1703 key: "mcp_servers.<id>.identity.url",
1704 type: "string",
1705 description:
1706 "Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.",
1707 },
1708 {
1709 key: "rules",
1710 type: "table",
1711 description:
1712 "Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.",
1713 },
1714 {
1715 key: "rules.prefix_rules",
1716 type: "array<table>",
1717 description:
1718 "List of enforced prefix rules. Each rule must include `pattern` and `decision`.",
1719 },
1720 {
1721 key: "rules.prefix_rules[].pattern",
1722 type: "array<table>",
1723 description:
1724 "Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.",
1725 },
1726 {
1727 key: "rules.prefix_rules[].pattern[].token",
1728 type: "string",
1729 description: "A single literal token at this position.",
1730 },
1731 {
1732 key: "rules.prefix_rules[].pattern[].any_of",
1733 type: "array<string>",
1734 description: "A list of allowed alternative tokens at this position.",
1735 },
1736 {
1737 key: "rules.prefix_rules[].decision",
1738 type: "prompt | forbidden",
1739 description:
1740 "Required. Requirements rules can only prompt or forbid (not allow).",
1741 },
1742 {
1743 key: "rules.prefix_rules[].justification",
1744 type: "string",
1745 description:
1746 "Optional non-empty rationale surfaced in approval prompts or rejection messages.",
1747 },
1748 ]}
1749 client:load
1750/>