config-reference diff

config-reference.md +1503 −2972

Details

8 8

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10

~~11| Key | Type / Values | Details |~~11<ConfigTable

~~12| --- | --- | --- |~~12 options={[

~~13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |~~13 {

~~14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |~~14 key: "model",

~~15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |~~15 type: "string",

~~16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |~~16 description: "Model to use (e.g., `gpt-5.5`).",

~~17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |~~17 },

~~18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |~~18 {

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19 key: "review_model",

~~20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |~~20 type: "string",

21| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |21 description:

~~22| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |~~22 "Optional model override used by `/review` (defaults to the current session model).",

~~23| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |~~23 },

~~24| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |~~24 {

~~25| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |~~25 key: "model_provider",

~~26| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |~~26 type: "string",

~~27| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |~~27 description: "Provider id from `model_providers` (default: `openai`).",

~~28| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |~~28 },

~~29| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |~~29 {

~~30| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |~~30 key: "openai_base_url",

~~31| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |~~31 type: "string",

~~32| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |~~32 description:

~~34| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |~~34 },

35| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |35 {

~~36| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |~~36 key: "model_context_window",

~~37| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |~~37 type: "number",

~~39| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |~~39 },

~~40| `compact_prompt` | `string` | Inline override for the history compaction prompt. |~~40 {

~~41| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |~~41 key: "model_auto_compact_token_limit",

~~42| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |~~42 type: "number",

~~43| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |~~43 description:

~~44| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |~~44 "Token threshold that triggers automatic history compaction (unset uses model defaults).",

~~45| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |~~45 },

~~46| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |~~46 {

~~47| `features.artifact` | `boolean` | Enable native artifact tools such as slides and spreadsheets (under development). |~~47 key: "model_catalog_json",

~~48| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |~~48 type: "string (path)",

~~49| `features.collaboration_modes` | `boolean` | Legacy toggle for collaboration modes. Plan and default modes are available in current builds without setting this key. |~~49 description:

~~50| `features.default_mode_request_user_input` | `boolean` | Allow `request_user_input` in default collaboration mode (under development; off by default). |~~50 "Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.",

~~51| `features.elevated_windows_sandbox` | `boolean` | Legacy toggle for an earlier elevated Windows sandbox rollout. Current builds do not use it. |~~51 },

~~52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |~~52 {

~~53| `features.experimental_windows_sandbox` | `boolean` | Legacy toggle for an earlier Windows sandbox rollout. Current builds do not use it. |~~53 key: "oss_provider",

~~55| `features.image_detail_original` | `boolean` | Allow image outputs with `detail = "original"` on supported models (under development). |~~55 description:

~~56| `features.image_generation` | `boolean` | Enable the built-in image generation tool (under development). |~~56 "Default local provider used when running with `--oss` (defaults to prompting if unset).",

~~57| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |~~57 },

~~58| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output. Enabled by default on Windows and off elsewhere. |~~58 {

~~59| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |~~59 key: "approval_policy",

~~60| `features.remote_models` | `boolean` | Legacy toggle for an older remote-model readiness flow. Current builds do not use it. |~~60 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",

~~61| `features.request_rule` | `boolean` | Legacy toggle for Smart approvals. Current builds include this behavior by default, so most users can leave this unset. |~~61 description:

~~62| `features.responses_websockets` | `boolean` | Prefer the Responses API WebSocket transport for supported providers (under development). |~~62 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",

~~63| `features.responses_websockets_v2` | `boolean` | Enable Responses API WebSocket v2 mode (under development). |~~63 },

~~64| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |~~64 {

~~65| `features.search_tool` | `boolean` | Legacy toggle for an older Apps discovery flow. Current builds do not use it. |~~65 key: "approval_policy.granular.sandbox_approval",

~~66| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |~~66 type: "boolean",

~~67| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |~~67 description:

~~68| `features.skill_env_var_dependency_prompt` | `boolean` | Prompt for missing skill environment-variable dependencies (under development). |~~68 "When `true`, sandbox escalation approval prompts are allowed to surface.",

~~69| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |~~69 },

~~70| `features.sqlite` | `boolean` | Enable SQLite-backed state persistence (stable; on by default). |~~70 {

~~71| `features.steer` | `boolean` | Legacy toggle from an earlier Enter/Tab steering rollout. Current builds always use the current steering behavior. |~~71 key: "approval_policy.granular.rules",

~~72| `features.undo` | `boolean` | Enable undo support (stable; off by default). |~~72 type: "boolean",

~~73| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |~~73 description:

~~74| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |~~74 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",

~~75| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |~~75 },

~~76| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |~~76 {

~~77| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |~~77 key: "approval_policy.granular.mcp_elicitations",

~~78| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |~~78 type: "boolean",

~~80| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |~~80 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",

~~81| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |~~81 },

~~82| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |~~82 {

~~83| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |~~83 key: "approval_policy.granular.request_permissions",

~~85| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |~~85 description:

~~86| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |~~86 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",

~~87| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |~~87 },

~~88| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |~~88 {

~~90| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |~~90 type: "boolean",

~~91| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |~~91 description:

~~92| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |~~92 "When `true`, skill-script approval prompts are allowed to surface.",

~~93| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |~~93 },

~~94| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |~~94 {

~~95| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |~~95 key: "approvals_reviewer",

~~97| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |~~97 description:

~~98| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |~~98 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",

~~99| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |~~99 },

100| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |100 {

101| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |101 key: "auto_review.policy",

102| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |102 type: "string",

103| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |103 description:

104| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |104 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",

105| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |105 },

106| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |106 {

107| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |107 key: "allow_login_shell",

108| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |108 type: "boolean",

109| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |109 description:

110| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |110 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",

111| `model_context_window` | `number` | Context window tokens available to the active model. |111 },

112| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |112 {

113| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |113 key: "sandbox_mode",

115| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |115 description:

116| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |116 "Sandbox policy for filesystem and network access during command execution.",

117| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |117 },

118| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |118 {

119| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |119 key: "sandbox_workspace_write.writable_roots",

120| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |120 type: "array<string>",

121| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |121 description:

122| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |122 'Additional writable roots when `sandbox_mode = "workspace-write"`.',

123| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |123 },

124| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |124 {

125| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |125 key: "sandbox_workspace_write.network_access",

126| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |126 type: "boolean",

127| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |127 description:

129| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |129 },

130| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |130 {

132| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |132 type: "boolean",

133| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |133 description:

134| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |134 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",

135| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |135 },

136| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |136 {

137| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |137 key: "sandbox_workspace_write.exclude_slash_tmp",

138| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |138 type: "boolean",

140| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |140 "Exclude `/tmp` from writable roots in workspace-write mode.",

141| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |141 },

142| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |142 {

143| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |143 key: "windows.sandbox",

145| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |145 description:

146| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |146 "Windows-only native sandbox mode when running Codex natively on Windows.",

147| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |147 },

148| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |148 {

151| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |151 description:

152| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |152 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",

153| `otel.trace_exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP trace exporter. |153 },

154| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |154 {

155| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |155 key: "notify",

156| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |156 type: "array<string>",

157| `permissions.network.admin_url` | `string` | Admin endpoint for the managed network proxy. |157 description:

158| `permissions.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |158 "Command invoked for notifications; receives a JSON payload from Codex.",

159| `permissions.network.allow_unix_sockets` | `array<string>` | Allowlist of Unix socket paths permitted through the managed proxy. |159 },

160| `permissions.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |160 {

161| `permissions.network.allowed_domains` | `array<string>` | Allowlist of domains permitted through the managed proxy. |161 key: "check_for_update_on_startup",

162| `permissions.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |162 type: "boolean",

163| `permissions.network.dangerously_allow_non_loopback_admin` | `boolean` | Permit non-loopback bind addresses for the managed proxy admin listener. |163 description:

164| `permissions.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |164 "Check for Codex updates on startup (set to false only when updates are centrally managed).",

165| `permissions.network.denied_domains` | `array<string>` | Denylist of domains blocked by the managed proxy. |165 },

166| `permissions.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener from the managed network proxy. |166 {

167| `permissions.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |167 key: "feedback.enabled",

168| `permissions.network.enabled` | `boolean` | Enable the managed network proxy configuration for subprocesses. |168 type: "boolean",

170| `permissions.network.proxy_url` | `string` | HTTP proxy endpoint used by the managed network proxy. |170 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",

171| `permissions.network.socks_url` | `string` | SOCKS5 proxy endpoint used by the managed network proxy. |171 },

172| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |172 {

174| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |174 type: "boolean",

175| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |175 description:

176| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |176 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",

177| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |177 },

178| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |178 {

179| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |179 key: "instructions",

183| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |183 },

184| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |184 {

187| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |187 description:

188| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |188 "Additional developer instructions injected into the session (optional).",

189| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |189 },

190| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |190 {

191| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |191 key: "log_dir",

193| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |193 description:

194| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |194 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",

195| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |195 },

196| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |196 {

198| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |198 type: "string (path)",

199| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |199 description:

200| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |200 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",

201| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |201 },

202| `shell_environment_policy.inherit` | `all | core | none` | Baseline environment inheritance when spawning subprocesses. |202 {

203| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |203 key: "compact_prompt",

204| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |204 type: "string",

205| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |205 description: "Inline override for the history compaction prompt.",

206| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |206 },

207| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |207 {

208| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |208 key: "commit_attribution",

209| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |209 type: "string",

210| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |210 description:

211| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |211 "Override the commit co-author trailer text. Set an empty string to disable automatic attribution.",

212| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |212 },

213| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |213 {

215| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |215 type: "string (path)",

216| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |216 description:

217| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |217 "Replacement for built-in instructions instead of `AGENTS.md`.",

218| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |218 },

219| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |219 {

222| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |222 description:

223| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |223 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",

224| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |224 },

~~225~~ 225 {

226Key226 key: "service_tier",

~~227~~ 227 type: "flex | fast",

228`agents.<name>.config_file`228 description: "Preferred service tier for new turns.",

~~229~~ 229 },

230Type / Values230 {

~~231~~ 231 key: "experimental_compact_prompt_file",

232`string (path)`232 type: "string (path)",

~~233~~ 233 description:

234Details234 "Load the compaction prompt override from a file (experimental).",

~~235~~ 235 },

236Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.236 {

~~237~~ 237 key: "skills.config",

238Key238 type: "array<object>",

~~239~~ 239 description: "Per-skill enablement overrides stored in config.toml.",

240`agents.<name>.description`240 },

~~241~~ 241 {

242Type / Values242 key: "skills.config.<index>.path",

~~243~~ 243 type: "string (path)",

244`string`244 description: "Path to a skill folder containing `SKILL.md`.",

~~245~~ 245 },

246Details246 {

~~247~~ 247 key: "skills.config.<index>.enabled",

248Role guidance shown to Codex when choosing and spawning that agent type.248 type: "boolean",

~~249~~ 249 description: "Enable or disable the referenced skill.",

250Key250 },

~~251~~ 251 {

252`agents.<name>.nickname_candidates`252 key: "apps.<id>.enabled",

~~253~~ 253 type: "boolean",

254Type / Values254 description:

~~255~~ 255 "Enable or disable a specific app/connector by id (default: true).",

256`array<string>`256 },

~~257~~ 257 {

258Details258 key: "apps._default.enabled",

~~259~~ 259 type: "boolean",

260Optional pool of display nicknames for spawned agents in that role.260 description:

~~261~~ 261 "Default app enabled state for all apps unless overridden per app.",

262Key262 },

~~263~~ 263 {

264`agents.job_max_runtime_seconds`264 key: "apps._default.destructive_enabled",

~~265~~ 265 type: "boolean",

266Type / Values266 description:

~~267~~ 267 "Default allow/deny for app tools with `destructive_hint = true`.",

268`number`268 },

~~269~~ 269 {

270Details270 key: "apps._default.open_world_enabled",

~~271~~ 271 type: "boolean",

272Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.272 description:

~~273~~ 273 "Default allow/deny for app tools with `open_world_hint = true`.",

274Key274 },

~~275~~ 275 {

276`agents.max_depth`276 key: "apps.<id>.destructive_enabled",

~~277~~ 277 type: "boolean",

278Type / Values278 description:

~~279~~ 279 "Allow or block tools in this app that advertise `destructive_hint = true`.",

280`number`280 },

~~281~~ 281 {

282Details282 key: "apps.<id>.open_world_enabled",

~~283~~ 283 type: "boolean",

284Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).284 description:

~~285~~ 285 "Allow or block tools in this app that advertise `open_world_hint = true`.",

286Key286 },

~~287~~ 287 {

288`agents.max_threads`288 key: "apps.<id>.default_tools_enabled",

~~289~~ 289 type: "boolean",

290Type / Values290 description:

~~291~~ 291 "Default enabled state for tools in this app unless a per-tool override exists.",

292`number`292 },

~~293~~ 293 {

294Details294 key: "apps.<id>.default_tools_approval_mode",

~~295~~ 295 type: "auto | prompt | approve",

296Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.296 description:

~~297~~ 297 "Default approval behavior for tools in this app unless a per-tool override exists.",

298Key298 },

~~299~~ 299 {

300`allow_login_shell`300 key: "apps.<id>.tools.<tool>.enabled",

~~301~~ 301 type: "boolean",

302Type / Values302 description:

~~303~~ 303 "Per-tool enabled override for an app tool (for example `repos/list`).",

304`boolean`304 },

~~305~~ 305 {

306Details306 key: "apps.<id>.tools.<tool>.approval_mode",

~~307~~ 307 type: "auto | prompt | approve",

308Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.308 description: "Per-tool approval behavior override for a single app tool.",

~~309~~ 309 },

310Key310 {

~~311~~ 311 key: "tool_suggest.discoverables",

312`analytics.enabled`312 type: "array<table>",

~~313~~ 313 description:

314Type / Values314 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

~~315~~ 315 },

316`boolean`316 {

~~317~~ 317 key: "tool_suggest.disabled_tools",

318Details318 type: "array<table>",

~~319~~ 319 description:

320Enable or disable analytics for this machine/profile. When unset, the client default applies.320 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

~~321~~ 321 },

322Key322 {

~~323~~ 323 key: "features.apps",

324`approval_policy`324 type: "boolean",

~~325~~ 325 description: "Enable ChatGPT Apps/connectors support (experimental).",

326Type / Values326 },

~~327~~ 327 {

328`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`328 key: "features.codex_hooks",

~~329~~ 329 type: "boolean",

330Details330 description:

~~331~~ 331 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.",

332Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.332 },

~~333~~ 333 {

334Key334 key: "hooks",

~~335~~ 335 type: "table",

336`approval_policy.reject.mcp_elicitations`336 description:

~~337~~ 337 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",

338Type / Values338 },

~~339~~ 339 {

340`boolean`340 key: "features.memories",

~~341~~ 341 type: "boolean",

342Details342 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",

~~343~~ 343 },

344When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.344 {

~~345~~ 345 key: "mcp_servers.<id>.command",

346Key346 type: "string",

~~347~~ 347 description: "Launcher command for an MCP stdio server.",

348`approval_policy.reject.rules`348 },

~~349~~ 349 {

350Type / Values350 key: "mcp_servers.<id>.args",

~~351~~ 351 type: "array<string>",

352`boolean`352 description: "Arguments passed to the MCP stdio server command.",

~~353~~ 353 },

354Details354 {

~~355~~ 355 key: "mcp_servers.<id>.env",

356When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.356 type: "map<string,string>",

~~357~~ 357 description: "Environment variables forwarded to the MCP stdio server.",

358Key358 },

~~359~~ 359 {

360`approval_policy.reject.sandbox_approval`360 key: "mcp_servers.<id>.env_vars",

~~361~~ 361 type: 'array<string | { name = string, source = "local" | "remote" }>',

362Type / Values362 description:

~~363~~ 363 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',

364`boolean`364 },

~~365~~ 365 {

366Details366 key: "mcp_servers.<id>.cwd",

~~367~~ 367 type: "string",

368When `true`, sandbox escalation approval prompts are auto-rejected.368 description: "Working directory for the MCP stdio server process.",

~~369~~ 369 },

370Key370 {

~~371~~ 371 key: "mcp_servers.<id>.url",

372`apps._default.destructive_enabled`372 type: "string",

~~373~~ 373 description: "Endpoint for an MCP streamable HTTP server.",

374Type / Values374 },

~~375~~ 375 {

376`boolean`376 key: "mcp_servers.<id>.bearer_token_env_var",

~~377~~ 377 type: "string",

378Details378 description:

~~379~~ 379 "Environment variable sourcing the bearer token for an MCP HTTP server.",

380Default allow/deny for app tools with `destructive_hint = true`.380 },

~~381~~ 381 {

382Key382 key: "mcp_servers.<id>.http_headers",

~~383~~ 383 type: "map<string,string>",

384`apps._default.enabled`384 description: "Static HTTP headers included with each MCP HTTP request.",

~~385~~ 385 },

386Type / Values386 {

~~387~~ 387 key: "mcp_servers.<id>.env_http_headers",

388`boolean`388 type: "map<string,string>",

~~389~~ 389 description:

390Details390 "HTTP headers populated from environment variables for an MCP HTTP server.",

~~391~~ 391 },

392Default app enabled state for all apps unless overridden per app.392 {

~~393~~ 393 key: "mcp_servers.<id>.enabled",

394Key394 type: "boolean",

~~395~~ 395 description: "Disable an MCP server without removing its configuration.",

396`apps._default.open_world_enabled`396 },

~~397~~ 397 {

398Type / Values398 key: "mcp_servers.<id>.required",

~~399~~ 399 type: "boolean",

400`boolean`400 description:

~~401~~ 401 "When true, fail startup/resume if this enabled MCP server cannot initialize.",

402Details402 },

~~403~~ 403 {

404Default allow/deny for app tools with `open_world_hint = true`.404 key: "mcp_servers.<id>.startup_timeout_sec",

~~405~~ 405 type: "number",

406Key406 description:

~~407~~ 407 "Override the default 10s startup timeout for an MCP server.",

408`apps.<id>.default_tools_approval_mode`408 },

~~409~~ 409 {

410Type / Values410 key: "mcp_servers.<id>.startup_timeout_ms",

~~411~~ 411 type: "number",

412`auto | prompt | approve`412 description: "Alias for `startup_timeout_sec` in milliseconds.",

~~413~~ 413 },

414Details414 {

~~415~~ 415 key: "mcp_servers.<id>.tool_timeout_sec",

416Default approval behavior for tools in this app unless a per-tool override exists.416 type: "number",

~~417~~ 417 description:

418Key418 "Override the default 60s per-tool timeout for an MCP server.",

~~419~~ 419 },

420`apps.<id>.default_tools_enabled`420 {

~~421~~ 421 key: "mcp_servers.<id>.enabled_tools",

422Type / Values422 type: "array<string>",

~~423~~ 423 description: "Allow list of tool names exposed by the MCP server.",

424`boolean`424 },

~~425~~ 425 {

426Details426 key: "mcp_servers.<id>.disabled_tools",

~~427~~ 427 type: "array<string>",

428Default enabled state for tools in this app unless a per-tool override exists.428 description:

~~429~~ 429 "Deny list applied after `enabled_tools` for the MCP server.",

430Key430 },

~~431~~ 431 {

432`apps.<id>.destructive_enabled`432 key: "mcp_servers.<id>.scopes",

~~433~~ 433 type: "array<string>",

434Type / Values434 description:

~~435~~ 435 "OAuth scopes to request when authenticating to that MCP server.",

436`boolean`436 },

~~437~~ 437 {

438Details438 key: "mcp_servers.<id>.oauth_resource",

~~439~~ 439 type: "string",

440Allow or block tools in this app that advertise `destructive_hint = true`.440 description:

~~441~~ 441 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",

442Key442 },

~~443~~ 443 {

444`apps.<id>.enabled`444 key: "mcp_servers.<id>.experimental_environment",

~~445~~ 445 type: "local | remote",

446Type / Values446 description:

~~447~~ 447 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",

448`boolean`448 },

~~449~~ 449 {

450Details450 key: "agents.max_threads",

~~451~~ 451 type: "number",

452Enable or disable a specific app/connector by id (default: true).452 description:

~~453~~ 453 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",

454Key454 },

~~455~~ 455 {

456`apps.<id>.open_world_enabled`456 key: "agents.max_depth",

~~457~~ 457 type: "number",

458Type / Values458 description:

~~459~~ 459 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",

460`boolean`460 },

~~461~~ 461 {

462Details462 key: "agents.job_max_runtime_seconds",

~~463~~ 463 type: "number",

464Allow or block tools in this app that advertise `open_world_hint = true`.464 description:

~~465~~ 465 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",

466Key466 },

~~467~~ 467 {

468`apps.<id>.tools.<tool>.approval_mode`468 key: "agents.<name>.description",

~~469~~ 469 type: "string",

470Type / Values470 description:

~~471~~ 471 "Role guidance shown to Codex when choosing and spawning that agent type.",

472`auto | prompt | approve`472 },

~~473~~ 473 {

474Details474 key: "agents.<name>.config_file",

~~475~~ 475 type: "string (path)",

476Per-tool approval behavior override for a single app tool.476 description:

~~477~~ 477 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",

478Key478 },

~~479~~ 479 {

480`apps.<id>.tools.<tool>.enabled`480 key: "agents.<name>.nickname_candidates",

~~481~~ 481 type: "array<string>",

482Type / Values482 description:

~~483~~ 483 "Optional pool of display nicknames for spawned agents in that role.",

484`boolean`484 },

~~485~~ 485 {

486Details486 key: "memories.generate_memories",

~~487~~ 487 type: "boolean",

488Per-tool enabled override for an app tool (for example `repos/list`).488 description:

~~489~~ 489 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",

490Key490 },

~~491~~ 491 {

492`background_terminal_max_timeout`492 key: "memories.use_memories",

~~493~~ 493 type: "boolean",

494Type / Values494 description:

~~495~~ 495 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",

496`number`496 },

~~497~~ 497 {

498Details498 key: "memories.disable_on_external_context",

~~499~~ 499 type: "boolean",

500Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.500 description:

~~501~~ 501 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",

502Key502 },

~~503~~ 503 {

504`chatgpt_base_url`504 key: "memories.max_raw_memories_for_consolidation",

~~505~~ 505 type: "number",

506Type / Values506 description:

~~507~~ 507 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",

508`string`508 },

~~509~~ 509 {

510Details510 key: "memories.max_unused_days",

~~511~~ 511 type: "number",

512Override the base URL used during the ChatGPT login flow.512 description:

~~513~~ 513 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",

514Key514 },

~~515~~ 515 {

516`check_for_update_on_startup`516 key: "memories.max_rollout_age_days",

~~517~~ 517 type: "number",

518Type / Values518 description:

~~519~~ 519 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",

520`boolean`520 },

~~521~~ 521 {

522Details522 key: "memories.max_rollouts_per_startup",

~~523~~ 523 type: "number",

524Check for Codex updates on startup (set to false only when updates are centrally managed).524 description:

~~525~~ 525 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",

526Key526 },

~~527~~ 527 {

528`cli_auth_credentials_store`528 key: "memories.min_rollout_idle_hours",

~~529~~ 529 type: "number",

530Type / Values530 description:

~~531~~ 531 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",

532`file | keyring | auto`532 },

~~533~~ 533 {

534Details534 key: "memories.min_rate_limit_remaining_percent",

~~535~~ 535 type: "number",

536Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).536 description:

~~537~~ 537 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",

538Key538 },

~~539~~ 539 {

540`commit_attribution`540 key: "memories.extract_model",

~~541~~ 541 type: "string",

542Type / Values542 description: "Optional model override for per-thread memory extraction.",

~~543~~ 543 },

544`string`544 {

~~545~~ 545 key: "memories.consolidation_model",

546Details546 type: "string",

~~547~~ 547 description: "Optional model override for global memory consolidation.",

548Override the commit co-author trailer text. Set an empty string to disable automatic attribution.548 },

~~549~~ 549 {

550Key550 key: "features.unified_exec",

~~551~~ 551 type: "boolean",

552`compact_prompt`552 description:

~~553~~ 553 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",

554Type / Values554 },

~~555~~ 555 {

556`string`556 key: "features.shell_snapshot",

~~557~~ 557 type: "boolean",

558Details558 description:

~~559~~ 559 "Snapshot shell environment to speed up repeated commands (stable; on by default).",

560Inline override for the history compaction prompt.560 },

~~561~~ 561 {

562Key562 key: "features.undo",

~~563~~ 563 type: "boolean",

564`developer_instructions`564 description: "Enable undo support (stable; off by default).",

~~565~~ 565 },

566Type / Values566 {

~~567~~ 567 key: "features.multi_agent",

568`string`568 type: "boolean",

~~569~~ 569 description:

570Details570 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",

~~571~~ 571 },

572Additional developer instructions injected into the session (optional).572 {

~~573~~ 573 key: "features.personality",

574Key574 type: "boolean",

~~575~~ 575 description:

576`disable_paste_burst`576 "Enable personality selection controls (stable; on by default).",

~~577~~ 577 },

578Type / Values578 {

~~579~~ 579 key: "features.web_search",

580`boolean`580 type: "boolean",

~~581~~ 581 description:

582Details582 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",

~~583~~ 583 },

584Disable burst-paste detection in the TUI.584 {

~~585~~ 585 key: "features.web_search_cached",

586Key586 type: "boolean",

~~587~~ 587 description:

588`experimental_compact_prompt_file`588 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',

~~589~~ 589 },

590Type / Values590 {

~~591~~ 591 key: "features.web_search_request",

592`string (path)`592 type: "boolean",

~~593~~ 593 description:

594Details594 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',

~~595~~ 595 },

596Load the compaction prompt override from a file (experimental).596 {

~~597~~ 597 key: "features.shell_tool",

598Key598 type: "boolean",

~~599~~ 599 description:

600`experimental_use_unified_exec_tool`600 "Enable the default `shell` tool for running commands (stable; on by default).",

~~601~~ 601 },

602Type / Values602 {

~~603~~ 603 key: "features.enable_request_compression",

604`boolean`604 type: "boolean",

~~605~~ 605 description:

606Details606 "Compress streaming request bodies with zstd when supported (stable; on by default).",

~~607~~ 607 },

608Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.608 {

~~609~~ 609 key: "features.skill_mcp_dependency_install",

610Key610 type: "boolean",

~~611~~ 611 description:

612`features.apps`612 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",

~~613~~ 613 },

614Type / Values614 {

~~615~~ 615 key: "features.fast_mode",

616`boolean`616 type: "boolean",

~~617~~ 617 description:

618Details618 'Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).',

~~619~~ 619 },

620Enable ChatGPT Apps/connectors support (experimental).620 {

~~621~~ 621 key: "features.prevent_idle_sleep",

622Key622 type: "boolean",

~~623~~ 623 description:

624`features.apps_mcp_gateway`624 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",

~~625~~ 625 },

626Type / Values626 {

~~627~~ 627 key: "suppress_unstable_features_warning",

628`boolean`628 type: "boolean",

~~629~~ 629 description:

630Details630 "Suppress the warning that appears when under-development feature flags are enabled.",

~~631~~ 631 },

632Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).632 {

~~633~~ 633 key: "model_providers.<id>",

634Key634 type: "table",

~~635~~ 635 description:

636`features.artifact`636 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",

~~637~~ 637 },

638Type / Values638 {

~~639~~ 639 key: "model_providers.<id>.name",

640`boolean`640 type: "string",

~~641~~ 641 description: "Display name for a custom model provider.",

642Details642 },

~~643~~ 643 {

644Enable native artifact tools such as slides and spreadsheets (under development).644 key: "model_providers.<id>.base_url",

~~645~~ 645 type: "string",

646Key646 description: "API base URL for the model provider.",

~~647~~ 647 },

648`features.child_agents_md`648 {

~~649~~ 649 key: "model_providers.<id>.env_key",

650Type / Values650 type: "string",

~~651~~ 651 description: "Environment variable supplying the provider API key.",

652`boolean`652 },

~~653~~ 653 {

654Details654 key: "model_providers.<id>.env_key_instructions",

~~655~~ 655 type: "string",

656Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).656 description: "Optional setup guidance for the provider API key.",

~~657~~ 657 },

658Key658 {

~~659~~ 659 key: "model_providers.<id>.experimental_bearer_token",

660`features.collaboration_modes`660 type: "string",

~~661~~ 661 description:

662Type / Values662 "Direct bearer token for the provider (discouraged; use `env_key`).",

~~663~~ 663 },

664`boolean`664 {

~~665~~ 665 key: "model_providers.<id>.requires_openai_auth",

666Details666 type: "boolean",

~~667~~ 667 description:

668Legacy toggle for collaboration modes. Plan and default modes are available in current builds without setting this key.668 "The provider uses OpenAI authentication (defaults to false).",

~~669~~ 669 },

670Key670 {

~~671~~ 671 key: "model_providers.<id>.wire_api",

672`features.default_mode_request_user_input`672 type: "responses",

~~673~~ 673 description:

674Type / Values674 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",

~~675~~ 675 },

676`boolean`676 {

~~677~~ 677 key: "model_providers.<id>.query_params",

678Details678 type: "map<string,string>",

~~679~~ 679 description: "Extra query parameters appended to provider requests.",

680Allow `request_user_input` in default collaboration mode (under development; off by default).680 },

~~681~~ 681 {

682Key682 key: "model_providers.<id>.http_headers",

~~683~~ 683 type: "map<string,string>",

684`features.elevated_windows_sandbox`684 description: "Static HTTP headers added to provider requests.",

~~685~~ 685 },

686Type / Values686 {

~~687~~ 687 key: "model_providers.<id>.env_http_headers",

688`boolean`688 type: "map<string,string>",

~~689~~ 689 description:

690Details690 "HTTP headers populated from environment variables when present.",

~~691~~ 691 },

692Legacy toggle for an earlier elevated Windows sandbox rollout. Current builds do not use it.692 {

~~693~~ 693 key: "model_providers.<id>.request_max_retries",

694Key694 type: "number",

~~695~~ 695 description:

696`features.enable_request_compression`696 "Retry count for HTTP requests to the provider (default: 4).",

~~697~~ 697 },

698Type / Values698 {

~~699~~ 699 key: "model_providers.<id>.stream_max_retries",

700`boolean`700 type: "number",

~~701~~ 701 description: "Retry count for SSE streaming interruptions (default: 5).",

702Details702 },

~~703~~ 703 {

704Compress streaming request bodies with zstd when supported (stable; on by default).704 key: "model_providers.<id>.stream_idle_timeout_ms",

~~705~~ 705 type: "number",

706Key706 description:

~~707~~ 707 "Idle timeout for SSE streams in milliseconds (default: 300000).",

708`features.experimental_windows_sandbox`708 },

~~709~~ 709 {

710Type / Values710 key: "model_providers.<id>.supports_websockets",

~~711~~ 711 type: "boolean",

712`boolean`712 description:

~~713~~ 713 "Whether that provider supports the Responses API WebSocket transport.",

714Details714 },

~~715~~ 715 {

716Legacy toggle for an earlier Windows sandbox rollout. Current builds do not use it.716 key: "model_providers.<id>.auth",

~~717~~ 717 type: "table",

718Key718 description:

~~719~~ 719 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",

720`features.fast_mode`720 },

~~721~~ 721 {

722Type / Values722 key: "model_providers.<id>.auth.command",

~~723~~ 723 type: "string",

724`boolean`724 description:

~~725~~ 725 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",

726Details726 },

~~727~~ 727 {

728Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).728 key: "model_providers.<id>.auth.args",

~~729~~ 729 type: "array<string>",

730Key730 description: "Arguments passed to the token command.",

~~731~~ 731 },

732`features.image_detail_original`732 {

~~733~~ 733 key: "model_providers.<id>.auth.timeout_ms",

734Type / Values734 type: "number",

~~735~~ 735 description:

736`boolean`736 "Maximum token command runtime in milliseconds (default: 5000).",

~~737~~ 737 },

738Details738 {

~~739~~ 739 key: "model_providers.<id>.auth.refresh_interval_ms",

740Allow image outputs with `detail = "original"` on supported models (under development).740 type: "number",

~~741~~ 741 description:

742Key742 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",

~~743~~ 743 },

744`features.image_generation`744 {

~~745~~ 745 key: "model_providers.<id>.auth.cwd",

746Type / Values746 type: "string (path)",

~~747~~ 747 description: "Working directory for the token command.",

748`boolean`748 },

~~749~~ 749 {

750Details750 key: "model_providers.amazon-bedrock.aws.profile",

~~751~~ 751 type: "string",

752Enable the built-in image generation tool (under development).752 description:

~~753~~ 753 "AWS profile name used by the built-in `amazon-bedrock` provider.",

754Key754 },

~~755~~ 755 {

756`features.personality`756 key: "model_providers.amazon-bedrock.aws.region",

~~757~~ 757 type: "string",

758Type / Values758 description: "AWS region used by the built-in `amazon-bedrock` provider.",

~~759~~ 759 },

760`boolean`760 {

~~761~~ 761 key: "model_reasoning_effort",

762Details762 type: "minimal | low | medium | high | xhigh",

~~763~~ 763 description:

764Enable personality selection controls (stable; on by default).764 "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).",

~~765~~ 765 },

766Key766 {

~~767~~ 767 key: "plan_mode_reasoning_effort",

~~769~~ 769 description:

770Type / Values770 "Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.",

~~771~~ 771 },

772`boolean`772 {

~~773~~ 773 key: "model_reasoning_summary",

774Details774 type: "auto | concise | detailed | none",

~~775~~ 775 description:

776Force PowerShell UTF-8 output. Enabled by default on Windows and off elsewhere.776 "Select reasoning summary detail or disable summaries entirely.",

~~777~~ 777 },

778Key778 {

~~779~~ 779 key: "model_verbosity",

780`features.prevent_idle_sleep`780 type: "low | medium | high",

~~781~~ 781 description:

782Type / Values782 "Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.",

~~783~~ 783 },

784`boolean`784 {

~~785~~ 785 key: "model_supports_reasoning_summaries",

786Details786 type: "boolean",

~~787~~ 787 description: "Force Codex to send or not send reasoning metadata.",

788Prevent the machine from sleeping while a turn is actively running (experimental; off by default).788 },

~~789~~ 789 {

790Key790 key: "shell_environment_policy.inherit",

~~791~~ 791 type: "all | core | none",

792`features.remote_models`792 description:

~~793~~ 793 "Baseline environment inheritance when spawning subprocesses.",

794Type / Values794 },

~~795~~ 795 {

796`boolean`796 key: "shell_environment_policy.ignore_default_excludes",

~~797~~ 797 type: "boolean",

798Details798 description:

~~799~~ 799 "Keep variables containing KEY/SECRET/TOKEN before other filters run.",

800Legacy toggle for an older remote-model readiness flow. Current builds do not use it.800 },

~~801~~ 801 {

802Key802 key: "shell_environment_policy.exclude",

~~803~~ 803 type: "array<string>",

804`features.request_rule`804 description:

~~805~~ 805 "Glob patterns for removing environment variables after the defaults.",

806Type / Values806 },

~~807~~ 807 {

808`boolean`808 key: "shell_environment_policy.include_only",

~~809~~ 809 type: "array<string>",

810Details810 description:

~~811~~ 811 "Whitelist of patterns; when set only matching variables are kept.",

812Legacy toggle for Smart approvals. Current builds include this behavior by default, so most users can leave this unset.812 },

~~813~~ 813 {

814Key814 key: "shell_environment_policy.set",

~~815~~ 815 type: "map<string,string>",

816`features.responses_websockets`816 description:

~~817~~ 817 "Explicit environment overrides injected into every subprocess.",

818Type / Values818 },

~~819~~ 819 {

820`boolean`820 key: "shell_environment_policy.experimental_use_profile",

~~821~~ 821 type: "boolean",

822Details822 description: "Use the user shell profile when spawning subprocesses.",

~~823~~ 823 },

824Prefer the Responses API WebSocket transport for supported providers (under development).824 {

~~825~~ 825 key: "project_root_markers",

826Key826 type: "array<string>",

~~827~~ 827 description:

828`features.responses_websockets_v2`828 "List of project root marker filenames; used when searching parent directories for the project root.",

~~829~~ 829 },

830Type / Values830 {

~~831~~ 831 key: "project_doc_max_bytes",

832`boolean`832 type: "number",

~~833~~ 833 description:

834Details834 "Maximum bytes read from `AGENTS.md` when building project instructions.",

~~835~~ 835 },

836Enable Responses API WebSocket v2 mode (under development).836 {

~~837~~ 837 key: "project_doc_fallback_filenames",

838Key838 type: "array<string>",

~~839~~ 839 description: "Additional filenames to try when `AGENTS.md` is missing.",

840`features.runtime_metrics`840 },

~~841~~ 841 {

842Type / Values842 key: "profile",

~~843~~ 843 type: "string",

844`boolean`844 description:

~~845~~ 845 "Default profile applied at startup (equivalent to `--profile`).",

846Details846 },

~~847~~ 847 {

848Show runtime metrics summary in TUI turn separators (experimental).848 key: "profiles.<name>.*",

~~849~~ 849 type: "various",

850Key850 description:

~~851~~ 851 "Profile-scoped overrides for any of the supported configuration keys.",

852`features.search_tool`852 },

~~853~~ 853 {

854Type / Values854 key: "profiles.<name>.service_tier",

~~855~~ 855 type: "flex | fast",

856`boolean`856 description: "Profile-scoped service tier preference for new turns.",

~~857~~ 857 },

858Details858 {

~~859~~ 859 key: "profiles.<name>.plan_mode_reasoning_effort",

~~861~~ 861 description: "Profile-scoped Plan-mode reasoning override.",

862Key862 },

~~863~~ 863 {

864`features.shell_snapshot`864 key: "profiles.<name>.web_search",

~~865~~ 865 type: "disabled | cached | live",

866Type / Values866 description:

~~867~~ 867 'Profile-scoped web search mode override (default: `"cached"`).',

868`boolean`868 },

~~869~~ 869 {

870Details870 key: "profiles.<name>.personality",

~~871~~ 871 type: "none | friendly | pragmatic",

872Snapshot shell environment to speed up repeated commands (stable; on by default).872 description:

~~873~~ 873 "Profile-scoped communication style override for supported models.",

874Key874 },

~~875~~ 875 {

876`features.shell_tool`876 key: "profiles.<name>.model_catalog_json",

~~877~~ 877 type: "string (path)",

878Type / Values878 description:

~~879~~ 879 "Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).",

880`boolean`880 },

~~881~~ 881 {

882Details882 key: "profiles.<name>.model_instructions_file",

~~883~~ 883 type: "string (path)",

884Enable the default `shell` tool for running commands (stable; on by default).884 description:

~~885~~ 885 "Profile-scoped replacement for the built-in instruction file.",

886Key886 },

~~887~~ 887 {

888`features.skill_env_var_dependency_prompt`888 key: "profiles.<name>.experimental_use_unified_exec_tool",

~~889~~ 889 type: "boolean",

890Type / Values890 description:

~~891~~ 891 "Legacy name for enabling unified exec; prefer `[features].unified_exec`.",

892`boolean`892 },

~~893~~ 893 {

894Details894 key: "profiles.<name>.oss_provider",

~~895~~ 895 type: "lmstudio | ollama",

896Prompt for missing skill environment-variable dependencies (under development).896 description: "Profile-scoped OSS provider for `--oss` sessions.",

~~897~~ 897 },

898Key898 {

~~899~~ 899 key: "profiles.<name>.tools_view_image",

900`features.skill_mcp_dependency_install`900 type: "boolean",

~~901~~ 901 description: "Enable or disable the `view_image` tool in that profile.",

902Type / Values902 },

~~903~~ 903 {

904`boolean`904 key: "profiles.<name>.analytics.enabled",

~~905~~ 905 type: "boolean",

906Details906 description: "Profile-scoped analytics enablement override.",

~~907~~ 907 },

908Allow prompting and installing missing MCP dependencies for skills (stable; on by default).908 {

~~909~~ 909 key: "profiles.<name>.windows.sandbox",

910Key910 type: "unelevated | elevated",

~~911~~ 911 description: "Profile-scoped Windows sandbox mode override.",

912`features.sqlite`912 },

~~913~~ 913 {

914Type / Values914 key: "history.persistence",

~~915~~ 915 type: "save-all | none",

916`boolean`916 description:

~~917~~ 917 "Control whether Codex saves session transcripts to history.jsonl.",

918Details918 },

~~919~~ 919 {

920Enable SQLite-backed state persistence (stable; on by default).920 key: "tool_output_token_limit",

~~921~~ 921 type: "number",

922Key922 description:

~~923~~ 923 "Token budget for storing individual tool/function outputs in history.",

924`features.steer`924 },

~~925~~ 925 {

926Type / Values926 key: "background_terminal_max_timeout",

~~927~~ 927 type: "number",

928`boolean`928 description:

~~929~~ 929 "Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.",

930Details930 },

~~931~~ 931 {

932Legacy toggle from an earlier Enter/Tab steering rollout. Current builds always use the current steering behavior.932 key: "history.max_bytes",

~~933~~ 933 type: "number",

934Key934 description:

~~935~~ 935 "If set, caps the history file size in bytes by dropping oldest entries.",

936`features.undo`936 },

~~937~~ 937 {

938Type / Values938 key: "file_opener",

~~939~~ 939 type: "vscode | vscode-insiders | windsurf | cursor | none",

940`boolean`940 description:

~~941~~ 941 "URI scheme used to open citations from Codex output (default: `vscode`).",

942Details942 },

~~943~~ 943 {

944Enable undo support (stable; off by default).944 key: "otel.environment",

~~945~~ 945 type: "string",

946Key946 description:

~~947~~ 947 "Environment tag applied to emitted OpenTelemetry events (default: `dev`).",

948`features.unified_exec`948 },

~~949~~ 949 {

950Type / Values950 key: "otel.exporter",

~~951~~ 951 type: "none | otlp-http | otlp-grpc",

952`boolean`952 description:

~~953~~ 953 "Select the OpenTelemetry exporter and provide any endpoint metadata.",

954Details954 },

~~955~~ 955 {

956Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).956 key: "otel.trace_exporter",

~~957~~ 957 type: "none | otlp-http | otlp-grpc",

958Key958 description:

~~959~~ 959 "Select the OpenTelemetry trace exporter and provide any endpoint metadata.",

960`features.use_linux_sandbox_bwrap`960 },

~~961~~ 961 {

962Type / Values962 key: "otel.metrics_exporter",

~~963~~ 963 type: "none | statsig | otlp-http | otlp-grpc",

964`boolean`964 description:

~~965~~ 965 "Select the OpenTelemetry metrics exporter (defaults to `statsig`).",

966Details966 },

~~967~~ 967 {

968Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).968 key: "otel.log_user_prompt",

~~969~~ 969 type: "boolean",

970Key970 description:

~~971~~ 971 "Opt in to exporting raw user prompts with OpenTelemetry logs.",

972`features.web_search`972 },

~~973~~ 973 {

974Type / Values974 key: "otel.exporter.<id>.endpoint",

~~975~~ 975 type: "string",

976`boolean`976 description: "Exporter endpoint for OTEL logs.",

~~977~~ 977 },

978Details978 {

~~979~~ 979 key: "otel.exporter.<id>.protocol",

980Deprecated legacy toggle; prefer the top-level `web_search` setting.980 type: "binary | json",

~~981~~ 981 description: "Protocol used by the OTLP/HTTP exporter.",

982Key982 },

~~983~~ 983 {

984`features.web_search_cached`984 key: "otel.exporter.<id>.headers",

~~985~~ 985 type: "map<string,string>",

986Type / Values986 description: "Static headers included with OTEL exporter requests.",

~~987~~ 987 },

988`boolean`988 {

~~989~~ 989 key: "otel.trace_exporter.<id>.endpoint",

990Details990 type: "string",

~~991~~ 991 description: "Trace exporter endpoint for OTEL logs.",

992Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.992 },

~~993~~ 993 {

994Key994 key: "otel.trace_exporter.<id>.protocol",

~~995~~ 995 type: "binary | json",

996`features.web_search_request`996 description: "Protocol used by the OTLP/HTTP trace exporter.",

~~997~~ 997 },

998Type / Values998 {

~~999~~ 999 key: "otel.trace_exporter.<id>.headers",

1000`boolean`1000 type: "map<string,string>",

~~1001~~ 1001 description: "Static headers included with OTEL trace exporter requests.",

1002Details1002 },

~~1003~~ 1003 {

1004Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.1004 key: "otel.exporter.<id>.tls.ca-certificate",

~~1005~~ 1005 type: "string",

1006Key1006 description: "CA certificate path for OTEL exporter TLS.",

~~1007~~ 1007 },

1008`feedback.enabled`1008 {

~~1009~~ 1009 key: "otel.exporter.<id>.tls.client-certificate",

1010Type / Values1010 type: "string",

~~1011~~ 1011 description: "Client certificate path for OTEL exporter TLS.",

1012`boolean`1012 },

~~1013~~ 1013 {

1014Details1014 key: "otel.exporter.<id>.tls.client-private-key",

~~1015~~ 1015 type: "string",

1016Enable feedback submission via `/feedback` across Codex surfaces (default: true).1016 description: "Client private key path for OTEL exporter TLS.",

~~1017~~ 1017 },

1018Key1018 {

~~1019~~ 1019 key: "otel.trace_exporter.<id>.tls.ca-certificate",

1020`file_opener`1020 type: "string",

~~1021~~ 1021 description: "CA certificate path for OTEL trace exporter TLS.",

1022Type / Values1022 },

~~1023~~ 1023 {

1024`vscode | vscode-insiders | windsurf | cursor | none`1024 key: "otel.trace_exporter.<id>.tls.client-certificate",

~~1025~~ 1025 type: "string",

1026Details1026 description: "Client certificate path for OTEL trace exporter TLS.",

~~1027~~ 1027 },

1028URI scheme used to open citations from Codex output (default: `vscode`).1028 {

~~1029~~ 1029 key: "otel.trace_exporter.<id>.tls.client-private-key",

1030Key1030 type: "string",

~~1031~~ 1031 description: "Client private key path for OTEL trace exporter TLS.",

1032`forced_chatgpt_workspace_id`1032 },

~~1033~~ 1033 {

1034Type / Values1034 key: "tui",

~~1035~~ 1035 type: "table",

1036`string (uuid)`1036 description:

~~1037~~ 1037 "TUI-specific options such as enabling inline desktop notifications.",

1038Details1038 },

~~1039~~ 1039 {

1040Limit ChatGPT logins to a specific workspace identifier.1040 key: "tui.notifications",

~~1041~~ 1041 type: "boolean | array<string>",

1042Key1042 description:

~~1043~~ 1043 "Enable TUI notifications; optionally restrict to specific event types.",

1044`forced_login_method`1044 },

~~1045~~ 1045 {

1046Type / Values1046 key: "tui.notification_method",

~~1047~~ 1047 type: "auto | osc9 | bel",

1048`chatgpt | api`1048 description:

~~1049~~ 1049 "Notification method for terminal notifications (default: auto).",

1050Details1050 },

~~1051~~ 1051 {

1052Restrict Codex to a specific authentication method.1052 key: "tui.notification_condition",

~~1053~~ 1053 type: "unfocused | always",

1054Key1054 description:

~~1055~~ 1055 "Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.",

1056`hide_agent_reasoning`1056 },

~~1057~~ 1057 {

1058Type / Values1058 key: "tui.animations",

~~1059~~ 1059 type: "boolean",

1060`boolean`1060 description:

~~1061~~ 1061 "Enable terminal animations (welcome screen, shimmer, spinner) (default: true).",

1062Details1062 },

~~1063~~ 1063 {

1064Suppress reasoning events in both the TUI and `codex exec` output.1064 key: "tui.alternate_screen",

~~1065~~ 1065 type: "auto | always | never",

1066Key1066 description:

~~1067~~ 1067 "Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).",

1068`history.max_bytes`1068 },

~~1069~~ 1069 {

1070Type / Values1070 key: "tui.show_tooltips",

~~1071~~ 1071 type: "boolean",

1072`number`1072 description:

~~1073~~ 1073 "Show onboarding tooltips in the TUI welcome screen (default: true).",

1074Details1074 },

~~1075~~ 1075 {

1076If set, caps the history file size in bytes by dropping oldest entries.1076 key: "tui.status_line",

~~1077~~ 1077 type: "array<string> | null",

1078Key1078 description:

~~1079~~ 1079 "Ordered list of TUI footer status-line item identifiers. `null` disables the status line.",

1080`history.persistence`1080 },

~~1081~~ 1081 {

1082Type / Values1082 key: "tui.terminal_title",

~~1083~~ 1083 type: "array<string> | null",

1084`save-all | none`1084 description:

~~1085~~ 1085 'Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.',

1086Details1086 },

~~1087~~ 1087 {

1088Control whether Codex saves session transcripts to history.jsonl.1088 key: "tui.theme",

~~1089~~ 1089 type: "string",

1090Key1090 description:

~~1091~~ 1091 "Syntax-highlighting theme override (kebab-case theme name).",

1092`instructions`1092 },

~~1093~~ 1093 {

1094Type / Values1094 key: "tui.keymap.<context>.<action>",

~~1095~~ 1095 type: "string | array<string>",

1096`string`1096 description:

~~1097~~ 1097 "Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.",

1098Details1098 },

~~1099~~ 1099 {

1100Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.1100 key: "tui.keymap.<context>.<action> = []",

~~1101~~ 1101 type: "empty array",

1102Key1102 description:

~~1103~~ 1103 "Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.",

1104`log_dir`1104 },

~~1105~~ 1105 {

1106Type / Values1106 key: "tui.model_availability_nux.<model>",

~~1107~~ 1107 type: "integer",

1108`string (path)`1108 description: "Internal startup-tooltip state keyed by model slug.",

~~1109~~ 1109 },

1110Details1110 {

~~1111~~ 1111 key: "hide_agent_reasoning",

1112Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.1112 type: "boolean",

~~1113~~ 1113 description:

1114Key1114 "Suppress reasoning events in both the TUI and `codex exec` output.",

~~1115~~ 1115 },

1116`mcp_oauth_callback_port`1116 {

~~1117~~ 1117 key: "show_raw_agent_reasoning",

1118Type / Values1118 type: "boolean",

~~1119~~ 1119 description:

1120`integer`1120 "Surface raw reasoning content when the active model emits it.",

~~1121~~ 1121 },

1122Details1122 {

~~1123~~ 1123 key: "disable_paste_burst",

1124Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.1124 type: "boolean",

~~1125~~ 1125 description: "Disable burst-paste detection in the TUI.",

1126Key1126 },

~~1127~~ 1127 {

1128`mcp_oauth_callback_url`1128 key: "windows_wsl_setup_acknowledged",

~~1129~~ 1129 type: "boolean",

1130Type / Values1130 description: "Track Windows onboarding acknowledgement (Windows only).",

~~1131~~ 1131 },

1132`string`1132 {

~~1133~~ 1133 key: "chatgpt_base_url",

1134Details1134 type: "string",

~~1135~~ 1135 description: "Override the base URL used during the ChatGPT login flow.",

1136Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.1136 },

~~1137~~ 1137 {

1138Key1138 key: "cli_auth_credentials_store",

~~1139~~ 1139 type: "file | keyring | auto",

1140`mcp_oauth_credentials_store`1140 description:

~~1141~~ 1141 "Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).",

1142Type / Values1142 },

~~1143~~ 1143 {

1144`auto | file | keyring`1144 key: "mcp_oauth_credentials_store",

~~1145~~ 1145 type: "auto | file | keyring",

1146Details1146 description: "Preferred store for MCP OAuth credentials.",

~~1147~~ 1147 },

1148Preferred store for MCP OAuth credentials.1148 {

~~1149~~ 1149 key: "mcp_oauth_callback_port",

1150Key1150 type: "integer",

~~1151~~ 1151 description:

1152`mcp_servers.<id>.args`1152 "Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.",

~~1153~~ 1153 },

1154Type / Values1154 {

~~1155~~ 1155 key: "mcp_oauth_callback_url",

1156`array<string>`1156 type: "string",

~~1157~~ 1157 description:

1158Details1158 "Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.",

~~1159~~ 1159 },

1160Arguments passed to the MCP stdio server command.1160 {

~~1161~~ 1161 key: "experimental_use_unified_exec_tool",

1162Key1162 type: "boolean",

~~1163~~ 1163 description:

1164`mcp_servers.<id>.bearer_token_env_var`1164 "Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.",

~~1165~~ 1165 },

1166Type / Values1166 {

~~1167~~ 1167 key: "tools.web_search",

1168`string`1168 type: 'boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }',

~~1169~~ 1169 description:

1170Details1170 "Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.",

~~1171~~ 1171 },

1172Environment variable sourcing the bearer token for an MCP HTTP server.1172 {

~~1173~~ 1173 key: "tools.view_image",

1174Key1174 type: "boolean",

~~1175~~ 1175 description: "Enable the local-image attachment tool `view_image`.",

1176`mcp_servers.<id>.command`1176 },

~~1177~~ 1177 {

1178Type / Values1178 key: "web_search",

~~1179~~ 1179 type: "disabled | cached | live",

1180`string`1180 description:

~~1181~~ 1181 'Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.',

1182Details1182 },

~~1183~~ 1183 {

1184Launcher command for an MCP stdio server.1184 key: "default_permissions",

~~1185~~ 1185 type: "string",

1186Key1186 description:

~~1187~~ 1187 "Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.",

1188`mcp_servers.<id>.cwd`1188 },

~~1189~~ 1189 {

1190Type / Values1190 key: "permissions.<name>.filesystem",

~~1191~~ 1191 type: "table",

1192`string`1192 description:

~~1193~~ 1193 "Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.",

1194Details1194 },

~~1195~~ 1195 {

1196Working directory for the MCP stdio server process.1196 key: "permissions.<name>.filesystem.glob_scan_max_depth",

~~1197~~ 1197 type: "number",

1198Key1198 description:

~~1199~~ 1199 "Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.",

1200`mcp_servers.<id>.disabled_tools`1200 },

~~1201~~ 1201 {

1202Type / Values1202 key: "permissions.<name>.filesystem.<path-or-glob>",

~~1203~~ 1203 type: '"read" | "write" | "none" | table',

1204`array<string>`1204 description:

~~1205~~ 1205 'Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.',

1206Details1206 },

~~1207~~ 1207 {

1208Deny list applied after `enabled_tools` for the MCP server.1208 key: 'permissions.<name>.filesystem.":project_roots".<subpath-or-glob>',

~~1209~~ 1209 type: '"read" | "write" | "none"',

1210Key1210 description:

~~1211~~ 1211 'Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.',

1212`mcp_servers.<id>.enabled`1212 },

~~1213~~ 1213 {

1214Type / Values1214 key: "permissions.<name>.network.enabled",

~~1215~~ 1215 type: "boolean",

1216`boolean`1216 description: "Enable network access for this named permissions profile.",

~~1217~~ 1217 },

1218Details1218 {

~~1219~~ 1219 key: "permissions.<name>.network.proxy_url",

1220Disable an MCP server without removing its configuration.1220 type: "string",

~~1221~~ 1221 description:

1222Key1222 "HTTP proxy endpoint used when this permissions profile enables the managed network proxy.",

~~1223~~ 1223 },

1224`mcp_servers.<id>.enabled_tools`1224 {

~~1225~~ 1225 key: "permissions.<name>.network.enable_socks5",

1226Type / Values1226 type: "boolean",

~~1227~~ 1227 description:

1228`array<string>`1228 "Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.",

~~1229~~ 1229 },

1230Details1230 {

~~1231~~ 1231 key: "permissions.<name>.network.socks_url",

1232Allow list of tool names exposed by the MCP server.1232 type: "string",

~~1233~~ 1233 description: "SOCKS5 proxy endpoint used by this permissions profile.",

1234Key1234 },

~~1235~~ 1235 {

1236`mcp_servers.<id>.env`1236 key: "permissions.<name>.network.enable_socks5_udp",

~~1237~~ 1237 type: "boolean",

1238Type / Values1238 description: "Allow UDP over the SOCKS5 listener when enabled.",

~~1239~~ 1239 },

1240`map<string,string>`1240 {

~~1241~~ 1241 key: "permissions.<name>.network.allow_upstream_proxy",

1242Details1242 type: "boolean",

~~1243~~ 1243 description:

1244Environment variables forwarded to the MCP stdio server.1244 "Allow the managed proxy to chain to another upstream proxy.",

~~1245~~ 1245 },

1246Key1246 {

~~1247~~ 1247 key: "permissions.<name>.network.dangerously_allow_non_loopback_proxy",

1248`mcp_servers.<id>.env_http_headers`1248 type: "boolean",

~~1249~~ 1249 description:

1250Type / Values1250 "Permit non-loopback bind addresses for the managed proxy listener.",

~~1251~~ 1251 },

1252`map<string,string>`1252 {

~~1253~~ 1253 key: "permissions.<name>.network.dangerously_allow_all_unix_sockets",

1254Details1254 type: "boolean",

~~1255~~ 1255 description:

1256HTTP headers populated from environment variables for an MCP HTTP server.1256 "Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.",

~~1257~~ 1257 },

1258Key1258 {

~~1259~~ 1259 key: "permissions.<name>.network.mode",

1260`mcp_servers.<id>.env_vars`1260 type: "limited | full",

~~1261~~ 1261 description: "Network proxy mode used for subprocess traffic.",

1262Type / Values1262 },

~~1263~~ 1263 {

1264`array<string>`1264 key: "permissions.<name>.network.domains",

~~1265~~ 1265 type: "map<string, allow | deny>",

1266Details1266 description:

~~1267~~ 1267 "Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.",

1268Additional environment variables to whitelist for an MCP stdio server.1268 },

~~1269~~ 1269 {

1270Key1270 key: "permissions.<name>.network.unix_sockets",

~~1271~~ 1271 type: "map<string, allow | none>",

1272`mcp_servers.<id>.http_headers`1272 description:

~~1273~~ 1273 "Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.",

1274Type / Values1274 },

~~1275~~ 1275 {

1276`map<string,string>`1276 key: "permissions.<name>.network.allow_local_binding",

~~1277~~ 1277 type: "boolean",

1278Details1278 description:

~~1279~~ 1279 "Permit local bind/listen operations through the managed proxy.",

1280Static HTTP headers included with each MCP HTTP request.1280 },

~~1281~~ 1281 {

1282Key1282 key: "projects.<path>.trust_level",

~~1283~~ 1283 type: "string",

1284`mcp_servers.<id>.oauth_resource`1284 description:

~~1285~~ 1285 'Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.',

1286Type / Values1286 },

~~1287~~ 1287 {

1288`string`1288 key: "notice.hide_full_access_warning",

~~1289~~ 1289 type: "boolean",

1290Details1290 description: "Track acknowledgement of the full access warning prompt.",

~~1291~~ 1291 },

1292Optional RFC 8707 OAuth resource parameter to include during MCP login.1292 {

~~1293~~ 1293 key: "notice.hide_world_writable_warning",

1294Key1294 type: "boolean",

~~1295~~ 1295 description:

1296`mcp_servers.<id>.required`1296 "Track acknowledgement of the Windows world-writable directories warning.",

~~1297~~ 1297 },

1298Type / Values1298 {

~~1299~~ 1299 key: "notice.hide_rate_limit_model_nudge",

1300`boolean`1300 type: "boolean",

~~1301~~ 1301 description: "Track opt-out of the rate limit model switch reminder.",

1302Details1302 },

~~1303~~ 1303 {

1304When true, fail startup/resume if this enabled MCP server cannot initialize.1304 key: "notice.hide_gpt5_1_migration_prompt",

~~1305~~ 1305 type: "boolean",

1306Key1306 description: "Track acknowledgement of the GPT-5.1 migration prompt.",

~~1307~~ 1307 },

1308`mcp_servers.<id>.scopes`1308 {

~~1309~~ 1309 key: "notice.hide_gpt-5.1-codex-max_migration_prompt",

1310Type / Values1310 type: "boolean",

~~1311~~ 1311 description:

1312`array<string>`1312 "Track acknowledgement of the gpt-5.1-codex-max migration prompt.",

~~1313~~ 1313 },

1314Details1314 {

~~1315~~ 1315 key: "notice.model_migrations",

1316OAuth scopes to request when authenticating to that MCP server.1316 type: "map<string,string>",

~~1317~~ 1317 description: "Track acknowledged model migrations as old->new mappings.",

1318Key1318 },

~~1319~~ 1319 {

1320`mcp_servers.<id>.startup_timeout_ms`1320 key: "forced_login_method",

~~1321~~ 1321 type: "chatgpt | api",

1322Type / Values1322 description: "Restrict Codex to a specific authentication method.",

~~1323~~ 1323 },

1324`number`1324 {

~~1325~~ 1325 key: "forced_chatgpt_workspace_id",

1326Details1326 type: "string (uuid)",

~~1327~~ 1327 description: "Limit ChatGPT logins to a specific workspace identifier.",

1328Alias for `startup_timeout_sec` in milliseconds.1328 },

~~1329~~ 1329 ]}

1330Key1330 client:load

~~1331~~ 1331/>

1332`mcp_servers.<id>.startup_timeout_sec`

~~1333~~

1334Type / Values

~~1335~~

1336`number`

~~1337~~

1338Details

~~1339~~

1340Override the default 10s startup timeout for an MCP server.

~~1341~~

1342Key

~~1343~~

1344`mcp_servers.<id>.tool_timeout_sec`

~~1345~~

1346Type / Values

~~1347~~

1348`number`

~~1349~~

1350Details

~~1351~~

1352Override the default 60s per-tool timeout for an MCP server.

~~1353~~

1354Key

~~1355~~

1356`mcp_servers.<id>.url`

~~1357~~

1358Type / Values

~~1359~~

1360`string`

~~1361~~

1362Details

~~1363~~

1364Endpoint for an MCP streamable HTTP server.

~~1365~~

1366Key

~~1367~~

1368`model`

~~1369~~

1370Type / Values

~~1371~~

1372`string`

~~1373~~

1374Details

~~1375~~

1376Model to use (e.g., `gpt-5-codex`).

~~1377~~

1378Key

~~1379~~

1380`model_auto_compact_token_limit`

~~1381~~

1382Type / Values

~~1383~~

1384`number`

~~1385~~

1386Details

~~1387~~

1388Token threshold that triggers automatic history compaction (unset uses model defaults).

~~1389~~

1390Key

~~1391~~

1392`model_catalog_json`

~~1393~~

1394Type / Values

~~1395~~

1396`string (path)`

~~1397~~

1398Details

~~1399~~

1400Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

~~1401~~

1402Key

~~1403~~

1404`model_context_window`

~~1405~~

1406Type / Values

~~1407~~

1408`number`

~~1409~~

1410Details

~~1411~~

1412Context window tokens available to the active model.

~~1413~~

1414Key

~~1415~~

1416`model_instructions_file`

~~1417~~

1418Type / Values

~~1419~~

1420`string (path)`

~~1421~~

1422Details

~~1423~~

1424Replacement for built-in instructions instead of `AGENTS.md`.

~~1425~~

1426Key

~~1427~~

1428`model_provider`

~~1429~~

1430Type / Values

~~1431~~

1432`string`

~~1433~~

1434Details

~~1435~~

1436Provider id from `model_providers` (default: `openai`).

~~1437~~

1438Key

~~1439~~

1440`model_providers.<id>.base_url`

~~1441~~

1442Type / Values

~~1443~~

1444`string`

~~1445~~

1446Details

~~1447~~

1448API base URL for the model provider.

~~1449~~

1450Key

~~1451~~

1452`model_providers.<id>.env_http_headers`

~~1453~~

1454Type / Values

~~1455~~

1456`map<string,string>`

~~1457~~

1458Details

~~1459~~

1460HTTP headers populated from environment variables when present.

~~1461~~

1462Key

~~1463~~

1464`model_providers.<id>.env_key`

~~1465~~

1466Type / Values

~~1467~~

1468`string`

~~1469~~

1470Details

~~1471~~

1472Environment variable supplying the provider API key.

~~1473~~

1474Key

~~1475~~

1476`model_providers.<id>.env_key_instructions`

~~1477~~

1478Type / Values

~~1479~~

1480`string`

~~1481~~

1482Details

~~1483~~

1484Optional setup guidance for the provider API key.

~~1485~~

1486Key

~~1487~~

1488`model_providers.<id>.experimental_bearer_token`

~~1489~~

1490Type / Values

~~1491~~

1492`string`

~~1493~~

1494Details

~~1495~~

1496Direct bearer token for the provider (discouraged; use `env_key`).

~~1497~~

1498Key

~~1499~~

1500`model_providers.<id>.http_headers`

~~1501~~

1502Type / Values

~~1503~~

1504`map<string,string>`

~~1505~~

1506Details

~~1507~~

1508Static HTTP headers added to provider requests.

~~1509~~

1510Key

~~1511~~

1512`model_providers.<id>.name`

~~1513~~

1514Type / Values

~~1515~~

1516`string`

~~1517~~

1518Details

~~1519~~

1520Display name for a custom model provider.

~~1521~~

1522Key

~~1523~~

1524`model_providers.<id>.query_params`

~~1525~~

1526Type / Values

~~1527~~

1528`map<string,string>`

~~1529~~

1530Details

~~1531~~

1532Extra query parameters appended to provider requests.

~~1533~~

1534Key

~~1535~~

1536`model_providers.<id>.request_max_retries`

~~1537~~

1538Type / Values

~~1539~~

1540`number`

~~1541~~

1542Details

~~1543~~

1544Retry count for HTTP requests to the provider (default: 4).

~~1545~~

1546Key

~~1547~~

1548`model_providers.<id>.requires_openai_auth`

~~1549~~

1550Type / Values

~~1551~~

1552`boolean`

~~1553~~

1554Details

~~1555~~

1556The provider uses OpenAI authentication (defaults to false).

~~1557~~

1558Key

~~1559~~

1560`model_providers.<id>.stream_idle_timeout_ms`

~~1561~~

1562Type / Values

~~1563~~

1564`number`

~~1565~~

1566Details

~~1567~~

1568Idle timeout for SSE streams in milliseconds (default: 300000).

~~1569~~

1570Key

~~1571~~

1572`model_providers.<id>.stream_max_retries`

~~1573~~

1574Type / Values

~~1575~~

1576`number`

~~1577~~

1578Details

~~1579~~

1580Retry count for SSE streaming interruptions (default: 5).

~~1581~~

1582Key

~~1583~~

1584`model_providers.<id>.supports_websockets`

~~1585~~

1586Type / Values

~~1587~~

1588`boolean`

~~1589~~

1590Details

~~1591~~

1592Whether that provider supports the Responses API WebSocket transport.

~~1593~~

1594Key

~~1595~~

1596`model_providers.<id>.wire_api`

~~1597~~

1598Type / Values

~~1599~~

1600`responses`

~~1601~~

1602Details

~~1603~~

1604Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

~~1605~~

1606Key

~~1607~~

1608`model_reasoning_effort`

~~1609~~

1610Type / Values

~~1611~~

1612`minimal | low | medium | high | xhigh`

~~1613~~

1614Details

~~1615~~

1616Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

~~1617~~

1618Key

~~1619~~

1620`model_reasoning_summary`

~~1621~~

1622Type / Values

~~1623~~

1624`auto | concise | detailed | none`

~~1625~~

1626Details

~~1627~~

1628Select reasoning summary detail or disable summaries entirely.

~~1629~~

1630Key

~~1631~~

1632`model_supports_reasoning_summaries`

~~1633~~

1634Type / Values

~~1635~~

1636`boolean`

~~1637~~

1638Details

~~1639~~

1640Force Codex to send or not send reasoning metadata.

~~1641~~

1642Key

~~1643~~

1644`model_verbosity`

~~1645~~

1646Type / Values

~~1647~~

1648`low | medium | high`

~~1649~~

1650Details

~~1651~~

1652Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

~~1653~~

1654Key

~~1655~~

1656`notice.hide_full_access_warning`

~~1657~~

1658Type / Values

~~1659~~

1660`boolean`

~~1661~~

1662Details

~~1663~~

1664Track acknowledgement of the full access warning prompt.

~~1665~~

1666Key

~~1667~~

1668`notice.hide_gpt-5.1-codex-max_migration_prompt`

~~1669~~

1670Type / Values

~~1671~~

1672`boolean`

~~1673~~

1674Details

~~1675~~

1676Track acknowledgement of the gpt-5.1-codex-max migration prompt.

~~1677~~

1678Key

~~1679~~

1680`notice.hide_gpt5_1_migration_prompt`

~~1681~~

1682Type / Values

~~1683~~

1684`boolean`

~~1685~~

1686Details

~~1687~~

1688Track acknowledgement of the GPT-5.1 migration prompt.

~~1689~~

1690Key

~~1691~~

1692`notice.hide_rate_limit_model_nudge`

~~1693~~

1694Type / Values

~~1695~~

1696`boolean`

~~1697~~

1698Details

~~1699~~

1700Track opt-out of the rate limit model switch reminder.

~~1701~~

1702Key

~~1703~~

1704`notice.hide_world_writable_warning`

~~1705~~

1706Type / Values

~~1707~~

1708`boolean`

~~1709~~

1710Details

~~1711~~

1712Track acknowledgement of the Windows world-writable directories warning.

~~1713~~

1714Key

~~1715~~

1716`notice.model_migrations`

~~1717~~

1718Type / Values

~~1719~~

1720`map<string,string>`

~~1721~~

1722Details

~~1723~~

1724Track acknowledged model migrations as old->new mappings.

~~1725~~

1726Key

~~1727~~

1728`notify`

~~1729~~

1730Type / Values

~~1731~~

1732`array<string>`

~~1733~~

1734Details

~~1735~~

1736Command invoked for notifications; receives a JSON payload from Codex.

~~1737~~

1738Key

~~1739~~

1740`oss_provider`

~~1741~~

1742Type / Values

~~1743~~

1744`lmstudio | ollama`

~~1745~~

1746Details

~~1747~~

1748Default local provider used when running with `--oss` (defaults to prompting if unset).

~~1749~~

1750Key

~~1751~~

1752`otel.environment`

~~1753~~

1754Type / Values

~~1755~~

1756`string`

~~1757~~

1758Details

~~1759~~

1760Environment tag applied to emitted OpenTelemetry events (default: `dev`).

~~1761~~

1762Key

~~1763~~

1764`otel.exporter`

~~1765~~

1766Type / Values

~~1767~~

1768`none | otlp-http | otlp-grpc`

~~1769~~

1770Details

~~1771~~

1772Select the OpenTelemetry exporter and provide any endpoint metadata.

~~1773~~

1774Key

~~1775~~

1776`otel.exporter.<id>.endpoint`

~~1777~~

1778Type / Values

~~1779~~

1780`string`

~~1781~~

1782Details

~~1783~~

1784Exporter endpoint for OTEL logs.

~~1785~~

1786Key

~~1787~~

1788`otel.exporter.<id>.headers`

~~1789~~

1790Type / Values

~~1791~~

1792`map<string,string>`

~~1793~~

1794Details

~~1795~~

1796Static headers included with OTEL exporter requests.

~~1797~~

1798Key

~~1799~~

1800`otel.exporter.<id>.protocol`

~~1801~~

1802Type / Values

~~1803~~

1804`binary | json`

~~1805~~

1806Details

~~1807~~

1808Protocol used by the OTLP/HTTP exporter.

~~1809~~

1810Key

~~1811~~

1812`otel.exporter.<id>.tls.ca-certificate`

~~1813~~

1814Type / Values

~~1815~~

1816`string`

~~1817~~

1818Details

~~1819~~

1820CA certificate path for OTEL exporter TLS.

~~1821~~

1822Key

~~1823~~

1824`otel.exporter.<id>.tls.client-certificate`

~~1825~~

1826Type / Values

~~1827~~

1828`string`

~~1829~~

1830Details

~~1831~~

1832Client certificate path for OTEL exporter TLS.

~~1833~~

1834Key

~~1835~~

1836`otel.exporter.<id>.tls.client-private-key`

~~1837~~

1838Type / Values

~~1839~~

1840`string`

~~1841~~

1842Details

~~1843~~

1844Client private key path for OTEL exporter TLS.

~~1845~~

1846Key

~~1847~~

1848`otel.log_user_prompt`

~~1849~~

1850Type / Values

~~1851~~

1852`boolean`

~~1853~~

1854Details

~~1855~~

1856Opt in to exporting raw user prompts with OpenTelemetry logs.

~~1857~~

1858Key

~~1859~~

1860`otel.metrics_exporter`

~~1861~~

1862Type / Values

~~1863~~

1864`none | statsig | otlp-http | otlp-grpc`

~~1865~~

1866Details

~~1867~~

1868Select the OpenTelemetry metrics exporter (defaults to `statsig`).

~~1869~~

1870Key

~~1871~~

1872`otel.trace_exporter`

~~1873~~

1874Type / Values

~~1875~~

1876`none | otlp-http | otlp-grpc`

~~1877~~

1878Details

~~1879~~

1880Select the OpenTelemetry trace exporter and provide any endpoint metadata.

~~1881~~

1882Key

~~1883~~

1884`otel.trace_exporter.<id>.endpoint`

~~1885~~

1886Type / Values

~~1887~~

1888`string`

~~1889~~

1890Details

~~1891~~

1892Trace exporter endpoint for OTEL logs.

~~1893~~

1894Key

~~1895~~

1896`otel.trace_exporter.<id>.headers`

~~1897~~

1898Type / Values

~~1899~~

1900`map<string,string>`

~~1901~~

1902Details

~~1903~~

1904Static headers included with OTEL trace exporter requests.

~~1905~~

1906Key

~~1907~~

1908`otel.trace_exporter.<id>.protocol`

~~1909~~

1910Type / Values

~~1911~~

1912`binary | json`

~~1913~~

1914Details

~~1915~~

1916Protocol used by the OTLP/HTTP trace exporter.

~~1917~~

1918Key

~~1919~~

1920`otel.trace_exporter.<id>.tls.ca-certificate`

~~1921~~

1922Type / Values

~~1923~~

1924`string`

~~1925~~

1926Details

~~1927~~

1928CA certificate path for OTEL trace exporter TLS.

~~1929~~

1930Key

~~1931~~

1932`otel.trace_exporter.<id>.tls.client-certificate`

~~1933~~

1934Type / Values

~~1935~~

1936`string`

~~1937~~

1938Details

~~1939~~

1940Client certificate path for OTEL trace exporter TLS.

~~1941~~

1942Key

~~1943~~

1944`otel.trace_exporter.<id>.tls.client-private-key`

~~1945~~

1946Type / Values

~~1947~~

1948`string`

~~1949~~

1950Details

~~1951~~

1952Client private key path for OTEL trace exporter TLS.

~~1953~~

1954Key

~~1955~~

1956`permissions.network.admin_url`

~~1957~~

1958Type / Values

~~1959~~

1960`string`

~~1961~~

1962Details

~~1963~~

1964Admin endpoint for the managed network proxy.

~~1965~~

1966Key

~~1967~~

1968`permissions.network.allow_local_binding`

~~1969~~

1970Type / Values

~~1971~~

1972`boolean`

~~1973~~

1974Details

~~1975~~

1976Permit local bind/listen operations through the managed proxy.

~~1977~~

1978Key

~~1979~~

1980`permissions.network.allow_unix_sockets`

~~1981~~

1982Type / Values

~~1983~~

1984`array<string>`

~~1985~~

1986Details

~~1987~~

1988Allowlist of Unix socket paths permitted through the managed proxy.

~~1989~~

1990Key

~~1991~~

1992`permissions.network.allow_upstream_proxy`

~~1993~~

1994Type / Values

~~1995~~

1996`boolean`

~~1997~~

1998Details

~~1999~~

2000Allow the managed proxy to chain to another upstream proxy.

~~2001~~

2002Key

~~2003~~

2004`permissions.network.allowed_domains`

~~2005~~

2006Type / Values

~~2007~~

2008`array<string>`

~~2009~~

2010Details

~~2011~~

2012Allowlist of domains permitted through the managed proxy.

~~2013~~

2014Key

~~2015~~

2016`permissions.network.dangerously_allow_all_unix_sockets`

~~2017~~

2018Type / Values

~~2019~~

2020`boolean`

~~2021~~

2022Details

~~2023~~

2024Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

~~2025~~

2026Key

~~2027~~

2028`permissions.network.dangerously_allow_non_loopback_admin`

~~2029~~

2030Type / Values

~~2031~~

2032`boolean`

~~2033~~

2034Details

~~2035~~

2036Permit non-loopback bind addresses for the managed proxy admin listener.

~~2037~~

2038Key

~~2039~~

2040`permissions.network.dangerously_allow_non_loopback_proxy`

~~2041~~

2042Type / Values

~~2043~~

2044`boolean`

~~2045~~

2046Details

~~2047~~

2048Permit non-loopback bind addresses for the managed proxy listener.

~~2049~~

2050Key

~~2051~~

2052`permissions.network.denied_domains`

~~2053~~

2054Type / Values

~~2055~~

2056`array<string>`

~~2057~~

2058Details

~~2059~~

2060Denylist of domains blocked by the managed proxy.

~~2061~~

2062Key

~~2063~~

2064`permissions.network.enable_socks5`

~~2065~~

2066Type / Values

~~2067~~

2068`boolean`

~~2069~~

2070Details

~~2071~~

2072Expose a SOCKS5 listener from the managed network proxy.

~~2073~~

2074Key

~~2075~~

2076`permissions.network.enable_socks5_udp`

~~2077~~

2078Type / Values

~~2079~~

2080`boolean`

~~2081~~

2082Details

~~2083~~

2084Allow UDP over the SOCKS5 listener when enabled.

~~2085~~

2086Key

~~2087~~

2088`permissions.network.enabled`

~~2089~~

2090Type / Values

~~2091~~

2092`boolean`

~~2093~~

2094Details

~~2095~~

2096Enable the managed network proxy configuration for subprocesses.

~~2097~~

2098Key

~~2099~~

2100`permissions.network.mode`

~~2101~~

2102Type / Values

~~2103~~

2104`limited | full`

~~2105~~

2106Details

~~2107~~

2108Network proxy mode used for subprocess traffic.

~~2109~~

2110Key

~~2111~~

2112`permissions.network.proxy_url`

~~2113~~

2114Type / Values

~~2115~~

2116`string`

~~2117~~

2118Details

~~2119~~

2120HTTP proxy endpoint used by the managed network proxy.

~~2121~~

2122Key

~~2123~~

2124`permissions.network.socks_url`

~~2125~~

2126Type / Values

~~2127~~

2128`string`

~~2129~~

2130Details

~~2131~~

2132SOCKS5 proxy endpoint used by the managed network proxy.

~~2133~~

2134Key

~~2135~~

2136`personality`

~~2137~~

2138Type / Values

~~2139~~

2140`none | friendly | pragmatic`

~~2141~~

2142Details

~~2143~~

2144Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

~~2145~~

2146Key

~~2147~~

2148`plan_mode_reasoning_effort`

~~2149~~

2150Type / Values

~~2151~~

~~2153~~

2154Details

~~2155~~

2156Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

~~2157~~

2158Key

~~2159~~

2160`profile`

~~2161~~

2162Type / Values

~~2163~~

2164`string`

~~2165~~

2166Details

~~2167~~

2168Default profile applied at startup (equivalent to `--profile`).

~~2169~~

2170Key

~~2171~~

2172`profiles.<name>.*`

~~2173~~

2174Type / Values

~~2175~~

2176`various`

~~2177~~

2178Details

~~2179~~

2180Profile-scoped overrides for any of the supported configuration keys.

~~2181~~

2182Key

~~2183~~

2184`profiles.<name>.analytics.enabled`

~~2185~~

2186Type / Values

~~2187~~

2188`boolean`

~~2189~~

2190Details

~~2191~~

2192Profile-scoped analytics enablement override.

~~2193~~

2194Key

~~2195~~

2196`profiles.<name>.experimental_use_unified_exec_tool`

~~2197~~

2198Type / Values

~~2199~~

2200`boolean`

~~2201~~

2202Details

~~2203~~

2204Legacy name for enabling unified exec; prefer `[features].unified_exec`.

~~2205~~

2206Key

~~2207~~

2208`profiles.<name>.model_catalog_json`

~~2209~~

2210Type / Values

~~2211~~

2212`string (path)`

~~2213~~

2214Details

~~2215~~

2216Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

~~2217~~

2218Key

~~2219~~

2220`profiles.<name>.model_instructions_file`

~~2221~~

2222Type / Values

~~2223~~

2224`string (path)`

~~2225~~

2226Details

~~2227~~

2228Profile-scoped replacement for the built-in instruction file.

~~2229~~

2230Key

~~2231~~

2232`profiles.<name>.oss_provider`

~~2233~~

2234Type / Values

~~2235~~

2236`lmstudio | ollama`

~~2237~~

2238Details

~~2239~~

2240Profile-scoped OSS provider for `--oss` sessions.

~~2241~~

2242Key

~~2243~~

2244`profiles.<name>.personality`

~~2245~~

2246Type / Values

~~2247~~

2248`none | friendly | pragmatic`

~~2249~~

2250Details

~~2251~~

2252Profile-scoped communication style override for supported models.

~~2253~~

2254Key

~~2255~~

2256`profiles.<name>.plan_mode_reasoning_effort`

~~2257~~

2258Type / Values

~~2259~~

~~2261~~

2262Details

~~2263~~

2264Profile-scoped Plan-mode reasoning override.

~~2265~~

2266Key

~~2267~~

2268`profiles.<name>.service_tier`

~~2269~~

2270Type / Values

~~2271~~

2272`flex | fast`

~~2273~~

2274Details

~~2275~~

2276Profile-scoped service tier preference for new turns.

~~2277~~

2278Key

~~2279~~

2280`profiles.<name>.tools_view_image`

~~2281~~

2282Type / Values

~~2283~~

2284`boolean`

~~2285~~

2286Details

~~2287~~

2288Enable or disable the `view_image` tool in that profile.

~~2289~~

2290Key

~~2291~~

2292`profiles.<name>.web_search`

~~2293~~

2294Type / Values

~~2295~~

2296`disabled | cached | live`

~~2297~~

2298Details

~~2299~~

2300Profile-scoped web search mode override (default: `"cached"`).

~~2301~~

2302Key

~~2303~~

2304`profiles.<name>.windows.sandbox`

~~2305~~

2306Type / Values

~~2307~~

2308`unelevated | elevated`

~~2309~~

2310Details

~~2311~~

2312Profile-scoped Windows sandbox mode override.

~~2313~~

2314Key

~~2315~~

2316`project_doc_fallback_filenames`

~~2317~~

2318Type / Values

~~2319~~

2320`array<string>`

~~2321~~

2322Details

~~2323~~

2324Additional filenames to try when `AGENTS.md` is missing.

~~2325~~

2326Key

~~2327~~

2328`project_doc_max_bytes`

~~2329~~

2330Type / Values

~~2331~~

2332`number`

~~2333~~

2334Details

~~2335~~

2336Maximum bytes read from `AGENTS.md` when building project instructions.

~~2337~~

2338Key

~~2339~~

2340`project_root_markers`

~~2341~~

2342Type / Values

~~2343~~

2344`array<string>`

~~2345~~

2346Details

~~2347~~

2348List of project root marker filenames; used when searching parent directories for the project root.

~~2349~~

2350Key

~~2351~~

2352`projects.<path>.trust_level`

~~2353~~

2354Type / Values

~~2355~~

2356`string`

~~2357~~

2358Details

~~2359~~

2360Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.

~~2361~~

2362Key

~~2363~~

2364`review_model`

~~2365~~

2366Type / Values

~~2367~~

2368`string`

~~2369~~

2370Details

~~2371~~

2372Optional model override used by `/review` (defaults to the current session model).

~~2373~~

2374Key

~~2375~~

2376`sandbox_mode`

~~2377~~

2378Type / Values

~~2379~~

2380`read-only | workspace-write | danger-full-access`

~~2381~~

2382Details

~~2383~~

2384Sandbox policy for filesystem and network access during command execution.

~~2385~~

2386Key

~~2387~~

2388`sandbox_workspace_write.exclude_slash_tmp`

~~2389~~

2390Type / Values

~~2391~~

2392`boolean`

~~2393~~

2394Details

~~2395~~

2396Exclude `/tmp` from writable roots in workspace-write mode.

~~2397~~

2398Key

~~2399~~

2400`sandbox_workspace_write.exclude_tmpdir_env_var`

~~2401~~

2402Type / Values

~~2403~~

2404`boolean`

~~2405~~

2406Details

~~2407~~

2408Exclude `$TMPDIR` from writable roots in workspace-write mode.

~~2409~~

2410Key

~~2411~~

2412`sandbox_workspace_write.network_access`

~~2413~~

2414Type / Values

~~2415~~

2416`boolean`

~~2417~~

2418Details

~~2419~~

2420Allow outbound network access inside the workspace-write sandbox.

~~2421~~

2422Key

~~2423~~

2424`sandbox_workspace_write.writable_roots`

~~2425~~

2426Type / Values

~~2427~~

2428`array<string>`

~~2429~~

2430Details

~~2431~~

2432Additional writable roots when `sandbox_mode = "workspace-write"`.

~~2433~~

2434Key

~~2435~~

2436`service_tier`

~~2437~~

2438Type / Values

~~2439~~

2440`flex | fast`

~~2441~~

2442Details

~~2443~~

2444Preferred service tier for new turns. `fast` is honored only when the `features.fast_mode` gate is enabled.

~~2445~~

2446Key

~~2447~~

2448`shell_environment_policy.exclude`

~~2449~~

2450Type / Values

~~2451~~

2452`array<string>`

~~2453~~

2454Details

~~2455~~

2456Glob patterns for removing environment variables after the defaults.

~~2457~~

2458Key

~~2459~~

2460`shell_environment_policy.experimental_use_profile`

~~2461~~

2462Type / Values

~~2463~~

2464`boolean`

~~2465~~

2466Details

~~2467~~

2468Use the user shell profile when spawning subprocesses.

~~2469~~

2470Key

~~2471~~

2472`shell_environment_policy.ignore_default_excludes`

~~2473~~

2474Type / Values

~~2475~~

2476`boolean`

~~2477~~

2478Details

~~2479~~

2480Keep variables containing KEY/SECRET/TOKEN before other filters run.

~~2481~~

2482Key

~~2483~~

2484`shell_environment_policy.include_only`

~~2485~~

2486Type / Values

~~2487~~

2488`array<string>`

~~2489~~

2490Details

~~2491~~

2492Whitelist of patterns; when set only matching variables are kept.

~~2493~~

2494Key

~~2495~~

2496`shell_environment_policy.inherit`

~~2497~~

2498Type / Values

~~2499~~

2500`all | core | none`

~~2501~~

2502Details

~~2503~~

2504Baseline environment inheritance when spawning subprocesses.

~~2505~~

2506Key

~~2507~~

2508`shell_environment_policy.set`

~~2509~~

2510Type / Values

~~2511~~

2512`map<string,string>`

~~2513~~

2514Details

~~2515~~

2516Explicit environment overrides injected into every subprocess.

~~2517~~

2518Key

~~2519~~

2520`show_raw_agent_reasoning`

~~2521~~

2522Type / Values

~~2523~~

2524`boolean`

~~2525~~

2526Details

~~2527~~

2528Surface raw reasoning content when the active model emits it.

~~2529~~

2530Key

~~2531~~

2532`skills.config`

~~2533~~

2534Type / Values

~~2535~~

2536`array<object>`

~~2537~~

2538Details

~~2539~~

2540Per-skill enablement overrides stored in config.toml.

~~2541~~

2542Key

~~2543~~

2544`skills.config.<index>.enabled`

~~2545~~

2546Type / Values

~~2547~~

2548`boolean`

~~2549~~

2550Details

~~2551~~

2552Enable or disable the referenced skill.

~~2553~~

2554Key

~~2555~~

2556`skills.config.<index>.path`

~~2557~~

2558Type / Values

~~2559~~

2560`string (path)`

~~2561~~

2562Details

~~2563~~

2564Path to a skill folder containing `SKILL.md`.

~~2565~~

2566Key

~~2567~~

2568`sqlite_home`

~~2569~~

2570Type / Values

~~2571~~

2572`string (path)`

~~2573~~

2574Details

~~2575~~

2576Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.

~~2577~~

2578Key

~~2579~~

2580`suppress_unstable_features_warning`

~~2581~~

2582Type / Values

~~2583~~

2584`boolean`

~~2585~~

2586Details

~~2587~~

2588Suppress the warning that appears when under-development feature flags are enabled.

~~2589~~

2590Key

~~2591~~

2592`tool_output_token_limit`

~~2593~~

2594Type / Values

~~2595~~

2596`number`

~~2597~~

2598Details

~~2599~~

2600Token budget for storing individual tool/function outputs in history.

~~2601~~

2602Key

~~2603~~

2604`tools.view_image`

~~2605~~

2606Type / Values

~~2607~~

2608`boolean`

~~2609~~

2610Details

~~2611~~

2612Enable the local-image attachment tool `view_image`.

~~2613~~

2614Key

~~2615~~

2616`tools.web_search`

~~2617~~

2618Type / Values

~~2619~~

2620`boolean`

~~2621~~

2622Details

~~2623~~

2624Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.

~~2625~~

2626Key

~~2627~~

2628`tui`

~~2629~~

2630Type / Values

~~2631~~

2632`table`

~~2633~~

2634Details

~~2635~~

2636TUI-specific options such as enabling inline desktop notifications.

~~2637~~

2638Key

~~2639~~

2640`tui.alternate_screen`

~~2641~~

2642Type / Values

~~2643~~

2644`auto | always | never`

~~2645~~

2646Details

~~2647~~

2648Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).

~~2649~~

2650Key

~~2651~~

2652`tui.animations`

~~2653~~

2654Type / Values

~~2655~~

2656`boolean`

~~2657~~

2658Details

~~2659~~

2660Enable terminal animations (welcome screen, shimmer, spinner) (default: true).

~~2661~~

2662Key

~~2663~~

2664`tui.model_availability_nux.<model>`

~~2665~~

2666Type / Values

~~2667~~

2668`integer`

~~2669~~

2670Details

~~2671~~

2672Internal startup-tooltip state keyed by model slug.

~~2673~~

2674Key

~~2675~~

2676`tui.notification_method`

~~2677~~

2678Type / Values

~~2679~~

2680`auto | osc9 | bel`

~~2681~~

2682Details

~~2683~~

2684Notification method for unfocused terminal notifications (default: auto).

~~2685~~

2686Key

~~2687~~

2688`tui.notifications`

~~2689~~

2690Type / Values

~~2691~~

2692`boolean | array<string>`

~~2693~~

2694Details

~~2695~~

2696Enable TUI notifications; optionally restrict to specific event types.

~~2697~~

2698Key

~~2699~~

2700`tui.show_tooltips`

~~2701~~

2702Type / Values

~~2703~~

2704`boolean`

~~2705~~

2706Details

~~2707~~

2708Show onboarding tooltips in the TUI welcome screen (default: true).

~~2709~~

2710Key

~~2711~~

2712`tui.status_line`

~~2713~~

2714Type / Values

~~2715~~

2716`array<string> | null`

~~2717~~

2718Details

~~2719~~

2720Ordered list of TUI footer status-line item identifiers. `null` disables the status line.

~~2721~~

2722Key

~~2723~~

2724`tui.theme`

~~2725~~

2726Type / Values

~~2727~~

2728`string`

~~2729~~

2730Details

~~2731~~

2732Syntax-highlighting theme override (kebab-case theme name).

~~2733~~

2734Key

~~2735~~

2736`web_search`

~~2737~~

2738Type / Values

~~2739~~

2740`disabled | cached | live`

~~2741~~

2742Details

~~2743~~

2744Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.

~~2745~~

2746Key

~~2747~~

2748`windows_wsl_setup_acknowledged`

~~2749~~

2750Type / Values

~~2751~~

2752`boolean`

~~2753~~

2754Details

~~2755~~

2756Track Windows onboarding acknowledgement (Windows only).

~~2757~~

2758Key

~~2759~~

2760`windows.sandbox`

~~2761~~

2762Type / Values

~~2763~~

2764`unelevated | elevated`

~~2765~~

2766Details

~~2767~~

2768Windows-only native sandbox mode when running Codex natively on Windows.

~~2769~~

2770Expand to view all

2771 1332

2772You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).1333You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

2773 1334

2789Use `[features]` in `requirements.toml` to pin feature flags by the same1350Use `[features]` in `requirements.toml` to pin feature flags by the same

2790canonical keys that `config.toml` uses. Omitted keys remain unconstrained.1351canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

2791 1352

2792| Key | Type / Values | Details |1353<ConfigTable

2793| --- | --- | --- |1354 options={[

2794| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). |1355 {

2795| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |1356 key: "allowed_approval_policies",

2796| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |1357 type: "array<string>",

2797| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |1358 description:

2798| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |1359 "Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).",

2799| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |1360 },

2800| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |1361 {

2801| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |1362 key: "allowed_approvals_reviewers",

2802| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |1363 type: "array<string>",

2803| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |1364 description:

2804| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |1365 "Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.",

2805| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |1366 },

2806| `rules.prefix_rules[].justification` | `string` | Optional non-empty rationale surfaced in approval prompts or rejection messages. |1367 {

2807| `rules.prefix_rules[].pattern` | `array<table>` | Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. |1368 key: "guardian_policy_config",

2808| `rules.prefix_rules[].pattern[].any_of` | `array<string>` | A list of allowed alternative tokens at this position. |1369 type: "string",

2809| `rules.prefix_rules[].pattern[].token` | `string` | A single literal token at this position. |1370 description:

~~2810~~ 1371 "Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.",

2811Key1372 },

~~2812~~ 1373 {

2813`allowed_approval_policies`1374 key: "allowed_sandbox_modes",

~~2814~~ 1375 type: "array<string>",

2815Type / Values1376 description: "Allowed values for `sandbox_mode`.",

~~2816~~ 1377 },

2817`array<string>`1378 {

~~2818~~ 1379 key: "remote_sandbox_config",

2819Details1380 type: "array<table>",

~~2820~~ 1381 description:

2821Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).1382 "Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.",

~~2822~~ 1383 },

2823Key1384 {

~~2824~~ 1385 key: "remote_sandbox_config[].hostname_patterns",

2825`allowed_sandbox_modes`1386 type: "array<string>",

~~2826~~ 1387 description:

2827Type / Values1388 "Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.",

~~2828~~ 1389 },

2829`array<string>`1390 {

~~2830~~ 1391 key: "remote_sandbox_config[].allowed_sandbox_modes",

2831Details1392 type: "array<string>",

~~2832~~ 1393 description:

2833Allowed values for `sandbox_mode`.1394 "Allowed sandbox modes to apply when this host-specific entry matches.",

~~2834~~ 1395 },

2835Key1396 {

~~2836~~ 1397 key: "allowed_web_search_modes",

2837`allowed_web_search_modes`1398 type: "array<string>",

~~2838~~ 1399 description:

2839Type / Values1400 "Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.",

~~2840~~ 1401 },

2841`array<string>`1402 {

~~2842~~ 1403 key: "features",

2843Details1404 type: "table",

~~2844~~ 1405 description:

2845Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.1406 "Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.",

~~2846~~ 1407 },

2847Key1408 {

~~2848~~ 1409 key: "features.<name>",

2849`features`1410 type: "boolean",

~~2850~~ 1411 description:

2851Type / Values1412 "Require a specific canonical feature key to stay enabled or disabled.",

~~2852~~ 1413 },

2853`table`1414 {

~~2854~~ 1415 key: "features.in_app_browser",

2855Details1416 type: "boolean",

~~2856~~ 1417 description:

2857Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.1418 "Set to `false` in `requirements.toml` to disable the in-app browser pane.",

~~2858~~ 1419 },

2859Key1420 {

~~2860~~ 1421 key: "features.browser_use",

2861`features.<name>`1422 type: "boolean",

~~2862~~ 1423 description:

2863Type / Values1424 "Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.",

~~2864~~ 1425 },

2865`boolean`1426 {

~~2866~~ 1427 key: "features.computer_use",

2867Details1428 type: "boolean",

~~2868~~ 1429 description:

2869Require a specific canonical feature key to stay enabled or disabled.1430 "Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.",

~~2870~~ 1431 },

2871Key1432 {

~~2872~~ 1433 key: "hooks",

2873`mcp_servers`1434 type: "table",

~~2874~~ 1435 description:

2875Type / Values1436 "Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.",

~~2876~~ 1437 },

2877`table`1438 {

~~2878~~ 1439 key: "hooks.managed_dir",

2879Details1440 type: "string (absolute path)",

~~2880~~ 1441 description:

2881Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.1442 "Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.",

~~2882~~ 1443 },

2883Key1444 {

~~2884~~ 1445 key: "hooks.windows_managed_dir",

2885`mcp_servers.<id>.identity`1446 type: "string (absolute path)",

~~2886~~ 1447 description:

2887Type / Values1448 "Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.",

~~2888~~ 1449 },

2889`table`1450 {

~~2890~~ 1451 key: "hooks.<Event>",

2891Details1452 type: "array<table>",

~~2892~~ 1453 description:

2893Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).1454 "Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.",

~~2894~~ 1455 },

2895Key1456 {

~~2896~~ 1457 key: "hooks.<Event>[].hooks",

2897`mcp_servers.<id>.identity.command`1458 type: "array<table>",

~~2898~~ 1459 description:

2899Type / Values1460 "Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.",

~~2900~~ 1461 },

2901`string`1462 {

~~2902~~ 1463 key: "permissions.filesystem.deny_read",

2903Details1464 type: "array<string>",

~~2904~~ 1465 description:

2905Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.1466 "Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.",

~~2906~~ 1467 },

2907Key1468 {

~~2908~~ 1469 key: "mcp_servers",

2909`mcp_servers.<id>.identity.url`1470 type: "table",

~~2910~~ 1471 description:

2911Type / Values1472 "Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.",

~~2912~~ 1473 },

2913`string`1474 {

~~2914~~ 1475 key: "mcp_servers.<id>.identity",

2915Details1476 type: "table",

~~2916~~ 1477 description:

2917Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.1478 "Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).",

~~2918~~ 1479 },

2919Key1480 {

~~2920~~ 1481 key: "mcp_servers.<id>.identity.command",

2921`rules`1482 type: "string",

~~2922~~ 1483 description:

2923Type / Values1484 "Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.",

~~2924~~ 1485 },

2925`table`1486 {

~~2926~~ 1487 key: "mcp_servers.<id>.identity.url",

2927Details1488 type: "string",

~~2928~~ 1489 description:

2929Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.1490 "Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.",

~~2930~~ 1491 },

2931Key1492 {

~~2932~~ 1493 key: "rules",

2933`rules.prefix_rules`1494 type: "table",

~~2934~~ 1495 description:

2935Type / Values1496 "Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.",

~~2936~~ 1497 },

2937`array<table>`1498 {

~~2938~~ 1499 key: "rules.prefix_rules",

2939Details1500 type: "array<table>",

~~2940~~ 1501 description:

2941List of enforced prefix rules. Each rule must include `pattern` and `decision`.1502 "List of enforced prefix rules. Each rule must include `pattern` and `decision`.",

~~2942~~ 1503 },

2943Key1504 {

~~2944~~ 1505 key: "rules.prefix_rules[].pattern",

2945`rules.prefix_rules[].decision`1506 type: "array<table>",

~~2946~~ 1507 description:

2947Type / Values1508 "Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.",

~~2948~~ 1509 },

2949`prompt | forbidden`1510 {

~~2950~~ 1511 key: "rules.prefix_rules[].pattern[].token",

2951Details1512 type: "string",

~~2952~~ 1513 description: "A single literal token at this position.",

2953Required. Requirements rules can only prompt or forbid (not allow).1514 },

~~2954~~ 1515 {

2955Key1516 key: "rules.prefix_rules[].pattern[].any_of",

~~2956~~ 1517 type: "array<string>",

2957`rules.prefix_rules[].justification`1518 description: "A list of allowed alternative tokens at this position.",

~~2958~~ 1519 },

2959Type / Values1520 {

~~2960~~ 1521 key: "rules.prefix_rules[].decision",

2961`string`1522 type: "prompt | forbidden",

~~2962~~ 1523 description:

2963Details1524 "Required. Requirements rules can only prompt or forbid (not allow).",

~~2964~~ 1525 },

2965Optional non-empty rationale surfaced in approval prompts or rejection messages.1526 {

~~2966~~ 1527 key: "rules.prefix_rules[].justification",

2967Key1528 type: "string",

~~2968~~ 1529 description:

2969`rules.prefix_rules[].pattern`1530 "Optional non-empty rationale surfaced in approval prompts or rejection messages.",

~~2970~~ 1531 },

2971Type / Values1532 ]}

~~2972~~ 1533 client:load

2973`array<table>`1534/>

~~2974~~

2975Details

~~2976~~

2977Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.

~~2978~~

2979Key

~~2980~~

2981`rules.prefix_rules[].pattern[].any_of`

~~2982~~

2983Type / Values

~~2984~~

2985`array<string>`

~~2986~~

2987Details

~~2988~~

2989A list of allowed alternative tokens at this position.

~~2990~~

2991Key

~~2992~~

2993`rules.prefix_rules[].pattern[].token`

~~2994~~

2995Type / Values

~~2996~~

2997`string`

~~2998~~

2999Details

~~3000~~

3001A single literal token at this position.

~~3002~~

3003Expand to view all

config-reference.md Codex Docs, 2026-03-17 18:24 UTC → 2026-05-07 17:08 UTC