config-reference.md +1719 −2959
6 6
7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.
8 8
99For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).Project-scoped config can't override machine-local provider, auth,
1010 notification, profile, or telemetry routing keys. Codex ignores
1111| Key | Type / Values | Details |`openai_base_url`, `chatgpt_base_url`, `model_provider`, `model_providers`,
1212| --- | --- | --- |`notify`, `profile`, `profiles`, `experimental_realtime_ws_base_url`, and
1313| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |`otel` when they appear in a project-local `.codex/config.toml`; put those in
1414| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |user-level config instead.
15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |
16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |
17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |
18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |
19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |
20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |
21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |
22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |
23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |
24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |
25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |
26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |
27| `approvals_reviewer` | `user | guardian_subagent` | Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent. |
28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |
29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |
30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |
31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |
32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |
33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |
34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |
35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |
36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |
37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |
38| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |
39| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |
40| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |
41| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |
42| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |
43| `compact_prompt` | `string` | Inline override for the history compaction prompt. |
44| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |
45| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |
46| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |
47| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |
48| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |
49| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |
50| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` (under development; off by default). |
51| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |
52| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |
53| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |
54| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |
55| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |
56| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |
57| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |
58| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |
59| `features.smart_approvals` | `boolean` | Route eligible approval requests through the guardian reviewer subagent (experimental; off by default). |
60| `features.undo` | `boolean` | Enable undo support (stable; off by default). |
61| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |
62| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |
63| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |
64| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |
65| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |
66| `file_opener` | `vscode | vscode-insiders | windsurf | cursor | none` | URI scheme used to open citations from Codex output (default: `vscode`). |
67| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |
68| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |
69| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |
70| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |
71| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |
72| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |
73| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |
74| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |
75| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |
76| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |
77| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |
78| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |
79| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |
80| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |
81| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |
82| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |
83| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |
84| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |
85| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |
86| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |
87| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |
88| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |
89| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |
90| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |
91| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |
92| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |
93| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |
94| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |
95| `model` | `string` | Model to use (e.g., `gpt-5.4`). |
96| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |
97| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |
98| `model_context_window` | `number` | Context window tokens available to the active model. |
99| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |
100| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |
101| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |
102| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |
103| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |
104| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |
105| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |
106| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |
107| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |
108| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |
109| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |
110| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |
111| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |
112| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |
113| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |
114| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |
115| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |
116| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |
117| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |
118| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |
119| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |
120| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |
121| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |
122| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |
123| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |
124| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |
125| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |
126| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |
127| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |
128| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |
129| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |
130| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |
131| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |
132| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |
133| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |
134| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |
135| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |
136| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |
137| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |
138| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |
139| `otel.exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP exporter. |
140| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |
141| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |
142| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |
143| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |
144| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |
145| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |
146| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |
147| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |
148| `otel.trace_exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP trace exporter. |
149| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |
150| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |
151| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |
152| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |
153| `permissions.<name>.filesystem.":project_roots".<subpath>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself. |
154| `permissions.<name>.filesystem.<path>` | `"read" | "write" | "none" | table` | Grant direct access for a path or special token, or scope nested entries under that root. |
155| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |
156| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |
157| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |
158| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |
159| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |
160| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |
161| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |
162| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |
163| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |
164| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |
165| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |
166| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |
167| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |
168| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |
169| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |
170| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |
171| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |
172| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |
173| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |
174| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |
175| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |
176| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |
177| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |
178| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |
179| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |
180| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |
181| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |
182| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |
183| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |
184| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |
185| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |
186| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |
187| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |
188| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |
189| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |
190| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |
191| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |
192| `service_tier` | `flex | fast` | Preferred service tier for new turns. |
193| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |
194| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |
195| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |
196| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |
197| `shell_environment_policy.inherit` | `all | core | none` | Baseline environment inheritance when spawning subprocesses. |
198| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |
199| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |
200| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |
201| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |
202| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |
203| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |
204| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |
205| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |
206| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |
207| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |
208| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |
209| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |
210| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |
211| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |
212| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |
213| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |
214| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |
215| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |
216| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |
217| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |
218| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |
219| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |
220| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |
221| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |
222| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |
223
224Key
225
226`agents.<name>.config_file`
227
228Type / Values
229
230`string (path)`
231
232Details
233
234Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.
235
236Key
237
238`agents.<name>.description`
239
240Type / Values
241
242`string`
243
244Details
245
246Role guidance shown to Codex when choosing and spawning that agent type.
247
248Key
249
250`agents.<name>.nickname_candidates`
251
252Type / Values
253
254`array<string>`
255
256Details
257
258Optional pool of display nicknames for spawned agents in that role.
259
260Key
261
262`agents.job_max_runtime_seconds`
263
264Type / Values
265
266`number`
267
268Details
269
270Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.
271
272Key
273
274`agents.max_depth`
275
276Type / Values
277
278`number`
279
280Details
281
282Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).
283
284Key
285
286`agents.max_threads`
287
288Type / Values
289
290`number`
291
292Details
293
294Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.
295
296Key
297
298`allow_login_shell`
299
300Type / Values
301
302`boolean`
303
304Details
305
306Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.
307
308Key
309
310`analytics.enabled`
311
312Type / Values
313
314`boolean`
315
316Details
317
318Enable or disable analytics for this machine/profile. When unset, the client default applies.
319
320Key
321
322`approval_policy`
323
324Type / Values
325
326`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`
327
328Details
329
330Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.
331
332Key
333
334`approval_policy.granular.mcp_elicitations`
335
336Type / Values
337
338`boolean`
339
340Details
341
342When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.
343
344Key
345
346`approval_policy.granular.request_permissions`
347
348Type / Values
349
350`boolean`
351
352Details
353
354When `true`, prompts from the `request_permissions` tool are allowed to surface.
355
356Key
357
358`approval_policy.granular.rules`
359
360Type / Values
361
362`boolean`
363
364Details
365
366When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.
367
368Key
369
370`approval_policy.granular.sandbox_approval`
371
372Type / Values
373
374`boolean`
375
376Details
377
378When `true`, sandbox escalation approval prompts are allowed to surface.
379
380Key
381
382`approval_policy.granular.skill_approval`
383
384Type / Values
385
386`boolean`
387
388Details
389
390When `true`, skill-script approval prompts are allowed to surface.
391
392Key
393
394`approvals_reviewer`
395
396Type / Values
397
398`user | guardian_subagent`
399
400Details
401
402Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent.
403
404Key
405
406`apps._default.destructive_enabled`
407
408Type / Values
409
410`boolean`
411
412Details
413
414Default allow/deny for app tools with `destructive_hint = true`.
415
416Key
417
418`apps._default.enabled`
419
420Type / Values
421
422`boolean`
423
424Details
425
426Default app enabled state for all apps unless overridden per app.
427
428Key
429
430`apps._default.open_world_enabled`
431
432Type / Values
433
434`boolean`
435
436Details
437
438Default allow/deny for app tools with `open_world_hint = true`.
439
440Key
441
442`apps.<id>.default_tools_approval_mode`
443
444Type / Values
445
446`auto | prompt | approve`
447
448Details
449
450Default approval behavior for tools in this app unless a per-tool override exists.
451
452Key
453
454`apps.<id>.default_tools_enabled`
455
456Type / Values
457
458`boolean`
459
460Details
461
462Default enabled state for tools in this app unless a per-tool override exists.
463
464Key
465
466`apps.<id>.destructive_enabled`
467
468Type / Values
469
470`boolean`
471
472Details
473
474Allow or block tools in this app that advertise `destructive_hint = true`.
475
476Key
477
478`apps.<id>.enabled`
479
480Type / Values
481
482`boolean`
483
484Details
485
486Enable or disable a specific app/connector by id (default: true).
487
488Key
489
490`apps.<id>.open_world_enabled`
491
492Type / Values
493
494`boolean`
495
496Details
497
498Allow or block tools in this app that advertise `open_world_hint = true`.
499
500Key
501
502`apps.<id>.tools.<tool>.approval_mode`
503
504Type / Values
505
506`auto | prompt | approve`
507
508Details
509
510Per-tool approval behavior override for a single app tool.
511
512Key
513
514`apps.<id>.tools.<tool>.enabled`
515
516Type / Values
517
518`boolean`
519
520Details
521
522Per-tool enabled override for an app tool (for example `repos/list`).
523
524Key
525
526`background_terminal_max_timeout`
527
528Type / Values
529
530`number`
531
532Details
533
534Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.
535
536Key
537
538`chatgpt_base_url`
539
540Type / Values
541
542`string`
543
544Details
545
546Override the base URL used during the ChatGPT login flow.
547
548Key
549
550`check_for_update_on_startup`
551
552Type / Values
553
554`boolean`
555
556Details
557
558Check for Codex updates on startup (set to false only when updates are centrally managed).
559
560Key
561
562`cli_auth_credentials_store`
563
564Type / Values
565
566`file | keyring | auto`
567
568Details
569
570Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).
571
572Key
573
574`commit_attribution`
575
576Type / Values
577
578`string`
579
580Details
581
582Override the commit co-author trailer text. Set an empty string to disable automatic attribution.
583
584Key
585
586`compact_prompt`
587
588Type / Values
589
590`string`
591
592Details
593
594Inline override for the history compaction prompt.
595
596Key
597
598`default_permissions`
599
600Type / Values
601
602`string`
603
604Details
605
606Name of the default permissions profile to apply to sandboxed tool calls.
607
608Key
609
610`developer_instructions`
611
612Type / Values
613
614`string`
615
616Details
617
618Additional developer instructions injected into the session (optional).
619
620Key
621
622`disable_paste_burst`
623
624Type / Values
625
626`boolean`
627
628Details
629
630Disable burst-paste detection in the TUI.
631
632Key
633
634`experimental_compact_prompt_file`
635
636Type / Values
637
638`string (path)`
639
640Details
641
642Load the compaction prompt override from a file (experimental).
643
644Key
645
646`experimental_use_unified_exec_tool`
647
648Type / Values
649
650`boolean`
651
652Details
653
654Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.
655
656Key
657
658`features.apps`
659
660Type / Values
661
662`boolean`
663
664Details
665
666Enable ChatGPT Apps/connectors support (experimental).
667
668Key
669
670`features.codex_hooks`
671
672Type / Values
673
674`boolean`
675
676Details
677
678Enable lifecycle hooks loaded from `hooks.json` (under development; off by default).
679
680Key
681
682`features.enable_request_compression`
683
684Type / Values
685
686`boolean`
687
688Details
689
690Compress streaming request bodies with zstd when supported (stable; on by default).
691
692Key
693
694`features.fast_mode`
695
696Type / Values
697
698`boolean`
699
700Details
701
702Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).
703
704Key
705
706`features.multi_agent`
707
708Type / Values
709
710`boolean`
711
712Details
713
714Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).
715
716Key
717
718`features.personality`
719
720Type / Values
721
722`boolean`
723
724Details
725
726Enable personality selection controls (stable; on by default).
727
728Key
729
730`features.prevent_idle_sleep`
731
732Type / Values
733
734`boolean`
735
736Details
737
738Prevent the machine from sleeping while a turn is actively running (experimental; off by default).
739
740Key
741
742`features.shell_snapshot`
743
744Type / Values
745
746`boolean`
747
748Details
749
750Snapshot shell environment to speed up repeated commands (stable; on by default).
751
752Key
753
754`features.shell_tool`
755
756Type / Values
757
758`boolean`
759
760Details
761
762Enable the default `shell` tool for running commands (stable; on by default).
763
764Key
765
766`features.skill_mcp_dependency_install`
767
768Type / Values
769
770`boolean`
771
772Details
773
774Allow prompting and installing missing MCP dependencies for skills (stable; on by default).
775
776Key
777
778`features.smart_approvals`
779
780Type / Values
781
782`boolean`
783
784Details
785
786Route eligible approval requests through the guardian reviewer subagent (experimental; off by default).
787
788Key
789
790`features.undo`
791
792Type / Values
793
794`boolean`
795
796Details
797
798Enable undo support (stable; off by default).
799
800Key
801
802`features.unified_exec`
803
804Type / Values
805
806`boolean`
807
808Details
809
810Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).
811
812Key
813
814`features.web_search`
815
816Type / Values
817
818`boolean`
819
820Details
821
822Deprecated legacy toggle; prefer the top-level `web_search` setting.
823
824Key
825
826`features.web_search_cached`
827
828Type / Values
829
830`boolean`
831
832Details
833
834Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.
835
836Key
837
838`features.web_search_request`
839
840Type / Values
841
842`boolean`
843
844Details
845
846Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.
847
848Key
849
850`feedback.enabled`
851
852Type / Values
853
854`boolean`
855
856Details
857
858Enable feedback submission via `/feedback` across Codex surfaces (default: true).
859
860Key
861
862`file_opener`
863
864Type / Values
865
866`vscode | vscode-insiders | windsurf | cursor | none`
867
868Details
869
870URI scheme used to open citations from Codex output (default: `vscode`).
871
872Key
873
874`forced_chatgpt_workspace_id`
875
876Type / Values
877
878`string (uuid)`
879
880Details
881
882Limit ChatGPT logins to a specific workspace identifier.
883
884Key
885
886`forced_login_method`
887
888Type / Values
889
890`chatgpt | api`
891
892Details
893
894Restrict Codex to a specific authentication method.
895
896Key
897
898`hide_agent_reasoning`
899
900Type / Values
901
902`boolean`
903
904Details
905
906Suppress reasoning events in both the TUI and `codex exec` output.
907
908Key
909
910`history.max_bytes`
911
912Type / Values
913
914`number`
915
916Details
917
918If set, caps the history file size in bytes by dropping oldest entries.
919
920Key
921
922`history.persistence`
923
924Type / Values
925
926`save-all | none`
927
928Details
929
930Control whether Codex saves session transcripts to history.jsonl.
931
932Key
933
934`instructions`
935
936Type / Values
937
938`string`
939
940Details
941
942Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.
943
944Key
945
946`log_dir`
947
948Type / Values
949
950`string (path)`
951
952Details
953
954Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.
955
956Key
957
958`mcp_oauth_callback_port`
959
960Type / Values
961
962`integer`
963
964Details
965
966Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.
967
968Key
969
970`mcp_oauth_callback_url`
971
972Type / Values
973
974`string`
975
976Details
977
978Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.
979
980Key
981
982`mcp_oauth_credentials_store`
983
984Type / Values
985
986`auto | file | keyring`
987
988Details
989
990Preferred store for MCP OAuth credentials.
991
992Key
993
994`mcp_servers.<id>.args`
995
996Type / Values
997
998`array<string>`
999
1000Details
1001
1002Arguments passed to the MCP stdio server command.
1003
1004Key
1005
1006`mcp_servers.<id>.bearer_token_env_var`
1007
1008Type / Values
1009
1010`string`
1011
1012Details
1013
1014Environment variable sourcing the bearer token for an MCP HTTP server.
1015
1016Key
1017
1018`mcp_servers.<id>.command`
1019
1020Type / Values
1021
1022`string`
1023
1024Details
1025
1026Launcher command for an MCP stdio server.
1027
1028Key
1029
1030`mcp_servers.<id>.cwd`
1031
1032Type / Values
1033
1034`string`
1035
1036Details
1037
1038Working directory for the MCP stdio server process.
1039
1040Key
1041
1042`mcp_servers.<id>.disabled_tools`
1043
1044Type / Values
1045
1046`array<string>`
1047
1048Details
1049
1050Deny list applied after `enabled_tools` for the MCP server.
1051
1052Key
1053
1054`mcp_servers.<id>.enabled`
1055
1056Type / Values
1057
1058`boolean`
1059
1060Details
1061
1062Disable an MCP server without removing its configuration.
1063
1064Key
1065
1066`mcp_servers.<id>.enabled_tools`
1067
1068Type / Values
1069
1070`array<string>`
1071
1072Details
1073
1074Allow list of tool names exposed by the MCP server.
1075
1076Key
1077
1078`mcp_servers.<id>.env`
1079
1080Type / Values
1081
1082`map<string,string>`
1083
1084Details
1085
1086Environment variables forwarded to the MCP stdio server.
1087
1088Key
1089
1090`mcp_servers.<id>.env_http_headers`
1091
1092Type / Values
1093
1094`map<string,string>`
1095
1096Details
1097
1098HTTP headers populated from environment variables for an MCP HTTP server.
1099
1100Key
1101
1102`mcp_servers.<id>.env_vars`
1103
1104Type / Values
1105
1106`array<string>`
1107
1108Details
1109
1110Additional environment variables to whitelist for an MCP stdio server.
1111
1112Key
1113
1114`mcp_servers.<id>.http_headers`
1115
1116Type / Values
1117
1118`map<string,string>`
1119
1120Details
1121
1122Static HTTP headers included with each MCP HTTP request.
1123
1124Key
1125
1126`mcp_servers.<id>.oauth_resource`
1127
1128Type / Values
1129
1130`string`
1131
1132Details
1133
1134Optional RFC 8707 OAuth resource parameter to include during MCP login.
1135
1136Key
1137
1138`mcp_servers.<id>.required`
1139
1140Type / Values
1141
1142`boolean`
1143
1144Details
1145
1146When true, fail startup/resume if this enabled MCP server cannot initialize.
1147
1148Key
1149
1150`mcp_servers.<id>.scopes`
1151
1152Type / Values
1153
1154`array<string>`
1155
1156Details
1157
1158OAuth scopes to request when authenticating to that MCP server.
1159
1160Key
1161
1162`mcp_servers.<id>.startup_timeout_ms`
1163
1164Type / Values
1165
1166`number`
1167
1168Details
1169
1170Alias for `startup_timeout_sec` in milliseconds.
1171
1172Key
1173
1174`mcp_servers.<id>.startup_timeout_sec`
1175
1176Type / Values
1177
1178`number`
1179
1180Details
1181
1182Override the default 10s startup timeout for an MCP server.
1183
1184Key
1185
1186`mcp_servers.<id>.tool_timeout_sec`
1187
1188Type / Values
1189
1190`number`
1191
1192Details
1193
1194Override the default 60s per-tool timeout for an MCP server.
1195
1196Key
1197
1198`mcp_servers.<id>.url`
1199
1200Type / Values
1201
1202`string`
1203
1204Details
1205
1206Endpoint for an MCP streamable HTTP server.
1207
1208Key
1209
1210`model`
1211
1212Type / Values
1213
1214`string`
1215
1216Details
1217
1218Model to use (e.g., `gpt-5.4`).
1219
1220Key
1221
1222`model_auto_compact_token_limit`
1223
1224Type / Values
1225
1226`number`
1227
1228Details
1229
1230Token threshold that triggers automatic history compaction (unset uses model defaults).
1231
1232Key
1233
1234`model_catalog_json`
1235
1236Type / Values
1237
1238`string (path)`
1239
1240Details
1241
1242Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.
1243
1244Key
1245
1246`model_context_window`
1247
1248Type / Values
1249
1250`number`
1251
1252Details
1253
1254Context window tokens available to the active model.
1255
1256Key
1257
1258`model_instructions_file`
1259
1260Type / Values
1261
1262`string (path)`
1263
1264Details
1265
1266Replacement for built-in instructions instead of `AGENTS.md`.
1267
1268Key
1269
1270`model_provider`
1271
1272Type / Values
1273
1274`string`
1275
1276Details
1277
1278Provider id from `model_providers` (default: `openai`).
1279
1280Key
1281
1282`model_providers.<id>`
1283
1284Type / Values
1285
1286`table`
1287
1288Details
1289
1290Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.
1291
1292Key
1293
1294`model_providers.<id>.auth`
1295
1296Type / Values
1297
1298`table`
1299
1300Details
1301
1302Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.
1303
1304Key
1305
1306`model_providers.<id>.auth.args`
1307
1308Type / Values
1309
1310`array<string>`
1311
1312Details
1313
1314Arguments passed to the token command.
1315
1316Key
1317
1318`model_providers.<id>.auth.command`
1319
1320Type / Values
1321
1322`string`
1323
1324Details
1325
1326Command to run when Codex needs a bearer token. The command must print the token to stdout.
1327
1328Key
1329
1330`model_providers.<id>.auth.cwd`
1331
1332Type / Values
1333
1334`string (path)`
1335
1336Details
1337
1338Working directory for the token command.
1339
1340Key
1341
1342`model_providers.<id>.auth.refresh_interval_ms`
1343
1344Type / Values
1345
1346`number`
1347
1348Details
1349
1350How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.
1351
1352Key
1353
1354`model_providers.<id>.auth.timeout_ms`
1355
1356Type / Values
1357
1358`number`
1359
1360Details
1361
1362Maximum token command runtime in milliseconds (default: 5000).
1363
1364Key
1365
1366`model_providers.<id>.base_url`
1367
1368Type / Values
1369
1370`string`
1371
1372Details
1373
1374API base URL for the model provider.
1375
1376Key
1377
1378`model_providers.<id>.env_http_headers`
1379
1380Type / Values
1381
1382`map<string,string>`
1383
1384Details
1385
1386HTTP headers populated from environment variables when present.
1387
1388Key
1389
1390`model_providers.<id>.env_key`
1391
1392Type / Values
1393
1394`string`
1395
1396Details
1397
1398Environment variable supplying the provider API key.
1399
1400Key
1401
1402`model_providers.<id>.env_key_instructions`
1403
1404Type / Values
1405
1406`string`
1407
1408Details
1409
1410Optional setup guidance for the provider API key.
1411
1412Key
1413
1414`model_providers.<id>.experimental_bearer_token`
1415
1416Type / Values
1417
1418`string`
1419
1420Details
1421
1422Direct bearer token for the provider (discouraged; use `env_key`).
1423
1424Key
1425
1426`model_providers.<id>.http_headers`
1427
1428Type / Values
1429
1430`map<string,string>`
1431
1432Details
1433
1434Static HTTP headers added to provider requests.
1435
1436Key
1437
1438`model_providers.<id>.name`
1439
1440Type / Values
1441
1442`string`
1443
1444Details
1445
1446Display name for a custom model provider.
1447
1448Key
1449
1450`model_providers.<id>.query_params`
1451
1452Type / Values
1453
1454`map<string,string>`
1455
1456Details
1457
1458Extra query parameters appended to provider requests.
1459
1460Key
1461
1462`model_providers.<id>.request_max_retries`
1463
1464Type / Values
1465
1466`number`
1467
1468Details
1469
1470Retry count for HTTP requests to the provider (default: 4).
1471
1472Key
1473
1474`model_providers.<id>.requires_openai_auth`
1475
1476Type / Values
1477
1478`boolean`
1479
1480Details
1481
1482The provider uses OpenAI authentication (defaults to false).
1483
1484Key
1485
1486`model_providers.<id>.stream_idle_timeout_ms`
1487
1488Type / Values
1489
1490`number`
1491
1492Details
1493
1494Idle timeout for SSE streams in milliseconds (default: 300000).
1495
1496Key
1497
1498`model_providers.<id>.stream_max_retries`
1499
1500Type / Values
1501
1502`number`
1503
1504Details
1505
1506Retry count for SSE streaming interruptions (default: 5).
1507
1508Key
1509
1510`model_providers.<id>.supports_websockets`
1511
1512Type / Values
1513
1514`boolean`
1515
1516Details
1517
1518Whether that provider supports the Responses API WebSocket transport.
1519
1520Key
1521
1522`model_providers.<id>.wire_api`
1523
1524Type / Values
1525
1526`responses`
1527
1528Details
1529
1530Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.
1531
1532Key
1533
1534`model_reasoning_effort`
1535
1536Type / Values
1537
1538`minimal | low | medium | high | xhigh`
1539
1540Details
1541
1542Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).
1543
1544Key
1545
1546`model_reasoning_summary`
1547
1548Type / Values
1549
1550`auto | concise | detailed | none`
1551
1552Details
1553
1554Select reasoning summary detail or disable summaries entirely.
1555
1556Key
1557
1558`model_supports_reasoning_summaries`
1559
1560Type / Values
1561
1562`boolean`
1563
1564Details
1565
1566Force Codex to send or not send reasoning metadata.
1567
1568Key
1569
1570`model_verbosity`
1571
1572Type / Values
1573
1574`low | medium | high`
1575
1576Details
1577
1578Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.
1579
1580Key
1581
1582`notice.hide_full_access_warning`
1583
1584Type / Values
1585
1586`boolean`
1587
1588Details
1589
1590Track acknowledgement of the full access warning prompt.
1591
1592Key
1593
1594`notice.hide_gpt-5.1-codex-max_migration_prompt`
1595
1596Type / Values
1597
1598`boolean`
1599
1600Details
1601
1602Track acknowledgement of the gpt-5.1-codex-max migration prompt.
1603
1604Key
1605
1606`notice.hide_gpt5_1_migration_prompt`
1607
1608Type / Values
1609
1610`boolean`
1611
1612Details
1613
1614Track acknowledgement of the GPT-5.1 migration prompt.
1615
1616Key
1617
1618`notice.hide_rate_limit_model_nudge`
1619
1620Type / Values
1621
1622`boolean`
1623
1624Details
1625
1626Track opt-out of the rate limit model switch reminder.
1627
1628Key
1629
1630`notice.hide_world_writable_warning`
1631
1632Type / Values
1633
1634`boolean`
1635
1636Details
1637
1638Track acknowledgement of the Windows world-writable directories warning.
1639
1640Key
1641
1642`notice.model_migrations`
1643
1644Type / Values
1645
1646`map<string,string>`
1647
1648Details
1649
1650Track acknowledged model migrations as old->new mappings.
1651
1652Key
1653
1654`notify`
1655
1656Type / Values
1657
1658`array<string>`
1659
1660Details
1661
1662Command invoked for notifications; receives a JSON payload from Codex.
1663
1664Key
1665
1666`openai_base_url`
1667
1668Type / Values
1669
1670`string`
1671
1672Details
1673
1674Base URL override for the built-in `openai` model provider.
1675
1676Key
1677
1678`oss_provider`
1679
1680Type / Values
1681
1682`lmstudio | ollama`
1683
1684Details
1685
1686Default local provider used when running with `--oss` (defaults to prompting if unset).
1687
1688Key
1689
1690`otel.environment`
1691
1692Type / Values
1693
1694`string`
1695
1696Details
1697
1698Environment tag applied to emitted OpenTelemetry events (default: `dev`).
1699
1700Key
1701
1702`otel.exporter`
1703
1704Type / Values
1705
1706`none | otlp-http | otlp-grpc`
1707
1708Details
1709
1710Select the OpenTelemetry exporter and provide any endpoint metadata.
1711
1712Key
1713
1714`otel.exporter.<id>.endpoint`
1715
1716Type / Values
1717
1718`string`
1719
1720Details
1721
1722Exporter endpoint for OTEL logs.
1723
1724Key
1725
1726`otel.exporter.<id>.headers`
1727
1728Type / Values
1729
1730`map<string,string>`
1731
1732Details
1733
1734Static headers included with OTEL exporter requests.
1735
1736Key
1737
1738`otel.exporter.<id>.protocol`
1739
1740Type / Values
1741
1742`binary | json`
1743
1744Details
1745
1746Protocol used by the OTLP/HTTP exporter.
1747
1748Key
1749
1750`otel.exporter.<id>.tls.ca-certificate`
1751
1752Type / Values
1753
1754`string`
1755
1756Details
1757
1758CA certificate path for OTEL exporter TLS.
1759
1760Key
1761
1762`otel.exporter.<id>.tls.client-certificate`
1763
1764Type / Values
1765
1766`string`
1767
1768Details
1769
1770Client certificate path for OTEL exporter TLS.
1771
1772Key
1773
1774`otel.exporter.<id>.tls.client-private-key`
1775
1776Type / Values
1777
1778`string`
1779
1780Details
1781
1782Client private key path for OTEL exporter TLS.
1783
1784Key
1785
1786`otel.log_user_prompt`
1787
1788Type / Values
1789
1790`boolean`
1791
1792Details
1793
1794Opt in to exporting raw user prompts with OpenTelemetry logs.
1795
1796Key
1797
1798`otel.metrics_exporter`
1799
1800Type / Values
1801
1802`none | statsig | otlp-http | otlp-grpc`
1803
1804Details
1805
1806Select the OpenTelemetry metrics exporter (defaults to `statsig`).
1807
1808Key
1809
1810`otel.trace_exporter`
1811
1812Type / Values
1813
1814`none | otlp-http | otlp-grpc`
1815
1816Details
1817
1818Select the OpenTelemetry trace exporter and provide any endpoint metadata.
1819
1820Key
1821
1822`otel.trace_exporter.<id>.endpoint`
1823
1824Type / Values
1825
1826`string`
1827
1828Details
1829
1830Trace exporter endpoint for OTEL logs.
1831
1832Key
1833
1834`otel.trace_exporter.<id>.headers`
1835
1836Type / Values
1837
1838`map<string,string>`
1839
1840Details
1841
1842Static headers included with OTEL trace exporter requests.
1843
1844Key
1845
1846`otel.trace_exporter.<id>.protocol`
1847
1848Type / Values
1849
1850`binary | json`
1851
1852Details
1853
1854Protocol used by the OTLP/HTTP trace exporter.
1855
1856Key
1857
1858`otel.trace_exporter.<id>.tls.ca-certificate`
1859
1860Type / Values
1861
1862`string`
1863
1864Details
1865
1866CA certificate path for OTEL trace exporter TLS.
1867
1868Key
1869
1870`otel.trace_exporter.<id>.tls.client-certificate`
1871
1872Type / Values
1873
1874`string`
1875
1876Details
1877
1878Client certificate path for OTEL trace exporter TLS.
1879
1880Key
1881
1882`otel.trace_exporter.<id>.tls.client-private-key`
1883
1884Type / Values
1885
1886`string`
1887
1888Details
1889
1890Client private key path for OTEL trace exporter TLS.
1891
1892Key
1893
1894`permissions.<name>.filesystem`
1895
1896Type / Values
1897
1898`table`
1899
1900Details
1901
1902Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.
1903
1904Key
1905
1906`permissions.<name>.filesystem.":project_roots".<subpath>`
1907
1908Type / Values
1909
1910`"read" | "write" | "none"`
1911
1912Details
1913
1914Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself.
1915
1916Key
1917
1918`permissions.<name>.filesystem.<path>`
1919
1920Type / Values
1921
1922`"read" | "write" | "none" | table`
1923
1924Details
1925
1926Grant direct access for a path or special token, or scope nested entries under that root.
1927
1928Key
1929
1930`permissions.<name>.network.allow_local_binding`
1931
1932Type / Values
1933
1934`boolean`
1935
1936Details
1937
1938Permit local bind/listen operations through the managed proxy.
1939
1940Key
1941
1942`permissions.<name>.network.allow_upstream_proxy`
1943
1944Type / Values
1945
1946`boolean`
1947
1948Details
1949
1950Allow the managed proxy to chain to another upstream proxy.
1951
1952Key
1953
1954`permissions.<name>.network.dangerously_allow_all_unix_sockets`
1955
1956Type / Values
1957
1958`boolean`
1959
1960Details
1961
1962Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.
1963
1964Key
1965
1966`permissions.<name>.network.dangerously_allow_non_loopback_proxy`
1967
1968Type / Values
1969
1970`boolean`
1971
1972Details
1973
1974Permit non-loopback bind addresses for the managed proxy listener.
1975
1976Key
1977
1978`permissions.<name>.network.domains`
1979
1980Type / Values
1981
1982`map<string, allow | deny>`
1983
1984Details
1985
1986Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.
1987
1988Key
1989
1990`permissions.<name>.network.enable_socks5`
1991
1992Type / Values
1993
1994`boolean`
1995
1996Details
1997
1998Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.
1999
2000Key
2001
2002`permissions.<name>.network.enable_socks5_udp`
2003
2004Type / Values
2005
2006`boolean`
2007
2008Details
2009
2010Allow UDP over the SOCKS5 listener when enabled.
2011
2012Key
2013
2014`permissions.<name>.network.enabled`
2015
2016Type / Values
2017
2018`boolean`
2019
2020Details
2021
2022Enable network access for this named permissions profile.
2023
2024Key
2025
2026`permissions.<name>.network.mode`
2027
2028Type / Values
2029
2030`limited | full`
2031
2032Details
2033
2034Network proxy mode used for subprocess traffic.
2035
2036Key
2037
2038`permissions.<name>.network.proxy_url`
2039
2040Type / Values
2041
2042`string`
2043
2044Details
2045
2046HTTP proxy endpoint used when this permissions profile enables the managed network proxy.
2047
2048Key
2049
2050`permissions.<name>.network.socks_url`
2051
2052Type / Values
2053
2054`string`
2055
2056Details
2057
2058SOCKS5 proxy endpoint used by this permissions profile.
2059
2060Key
2061
2062`permissions.<name>.network.unix_sockets`
2063
2064Type / Values
2065
2066`map<string, allow | none>`
2067
2068Details
2069
2070Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.
2071
2072Key
2073
2074`personality`
2075
2076Type / Values
2077
2078`none | friendly | pragmatic`
2079
2080Details
2081
2082Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.
2083
2084Key
2085
2086`plan_mode_reasoning_effort`
2087
2088Type / Values
2089
2090`none | minimal | low | medium | high | xhigh`
2091
2092Details
2093
2094Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.
2095
2096Key
2097
2098`profile`
2099
2100Type / Values
2101
2102`string`
2103
2104Details
2105
2106Default profile applied at startup (equivalent to `--profile`).
2107
2108Key
2109
2110`profiles.<name>.*`
2111
2112Type / Values
2113
2114`various`
2115
2116Details
2117
2118Profile-scoped overrides for any of the supported configuration keys.
2119
2120Key
2121
2122`profiles.<name>.analytics.enabled`
2123
2124Type / Values
2125
2126`boolean`
2127
2128Details
2129
2130Profile-scoped analytics enablement override.
2131
2132Key
2133
2134`profiles.<name>.experimental_use_unified_exec_tool`
2135
2136Type / Values
2137
2138`boolean`
2139
2140Details
2141
2142Legacy name for enabling unified exec; prefer `[features].unified_exec`.
2143
2144Key
2145
2146`profiles.<name>.model_catalog_json`
2147
2148Type / Values
2149
2150`string (path)`
2151
2152Details
2153
2154Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).
2155
2156Key
2157
2158`profiles.<name>.model_instructions_file`
2159
2160Type / Values
2161
2162`string (path)`
2163
2164Details
2165
2166Profile-scoped replacement for the built-in instruction file.
2167
2168Key
2169
2170`profiles.<name>.oss_provider`
2171
2172Type / Values
2173
2174`lmstudio | ollama`
2175
2176Details
2177
2178Profile-scoped OSS provider for `--oss` sessions.
2179
2180Key
2181
2182`profiles.<name>.personality`
2183
2184Type / Values
2185
2186`none | friendly | pragmatic`
2187
2188Details
2189
2190Profile-scoped communication style override for supported models.
2191
2192Key
2193
2194`profiles.<name>.plan_mode_reasoning_effort`
2195
2196Type / Values
2197
2198`none | minimal | low | medium | high | xhigh`
2199
2200Details
2201
2202Profile-scoped Plan-mode reasoning override.
2203
2204Key
2205
2206`profiles.<name>.service_tier`
2207
2208Type / Values
2209
2210`flex | fast`
2211
2212Details
2213
2214Profile-scoped service tier preference for new turns.
2215
2216Key
2217
2218`profiles.<name>.tools_view_image`
2219
2220Type / Values
2221
2222`boolean`
2223
2224Details
2225
2226Enable or disable the `view_image` tool in that profile.
2227
2228Key
2229
2230`profiles.<name>.web_search`
2231
2232Type / Values
2233
2234`disabled | cached | live`
2235
2236Details
2237
2238Profile-scoped web search mode override (default: `"cached"`).
2239
2240Key
2241
2242`profiles.<name>.windows.sandbox`
2243
2244Type / Values
2245
2246`unelevated | elevated`
2247
2248Details
2249
2250Profile-scoped Windows sandbox mode override.
2251
2252Key
2253
2254`project_doc_fallback_filenames`
2255
2256Type / Values
2257
2258`array<string>`
2259
2260Details
2261
2262Additional filenames to try when `AGENTS.md` is missing.
2263
2264Key
2265
2266`project_doc_max_bytes`
2267
2268Type / Values
2269
2270`number`
2271
2272Details
2273
2274Maximum bytes read from `AGENTS.md` when building project instructions.
2275
2276Key
2277
2278`project_root_markers`
2279
2280Type / Values
2281
2282`array<string>`
2283
2284Details
2285
2286List of project root marker filenames; used when searching parent directories for the project root.
2287
2288Key
2289
2290`projects.<path>.trust_level`
2291
2292Type / Values
2293
2294`string`
2295
2296Details
2297
2298Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.
2299
2300Key
2301
2302`review_model`
2303
2304Type / Values
2305
2306`string`
2307
2308Details
2309
2310Optional model override used by `/review` (defaults to the current session model).
2311
2312Key
2313
2314`sandbox_mode`
2315
2316Type / Values
2317
2318`read-only | workspace-write | danger-full-access`
2319
2320Details
2321
2322Sandbox policy for filesystem and network access during command execution.
2323
2324Key
2325
2326`sandbox_workspace_write.exclude_slash_tmp`
2327
2328Type / Values
2329
2330`boolean`
2331
2332Details
2333
2334Exclude `/tmp` from writable roots in workspace-write mode.
2335
2336Key
2337
2338`sandbox_workspace_write.exclude_tmpdir_env_var`
2339
2340Type / Values
2341
2342`boolean`
2343
2344Details
2345
2346Exclude `$TMPDIR` from writable roots in workspace-write mode.
2347
2348Key
2349
2350`sandbox_workspace_write.network_access`
2351
2352Type / Values
2353
2354`boolean`
2355
2356Details
2357
2358Allow outbound network access inside the workspace-write sandbox.
2359
2360Key
2361
2362`sandbox_workspace_write.writable_roots`
2363
2364Type / Values
2365
2366`array<string>`
2367
2368Details
2369
2370Additional writable roots when `sandbox_mode = "workspace-write"`.
2371
2372Key
2373
2374`service_tier`
2375
2376Type / Values
2377
2378`flex | fast`
2379
2380Details
2381
2382Preferred service tier for new turns.
2383
2384Key
2385
2386`shell_environment_policy.exclude`
2387
2388Type / Values
2389
2390`array<string>`
2391
2392Details
2393
2394Glob patterns for removing environment variables after the defaults.
2395
2396Key
2397
2398`shell_environment_policy.experimental_use_profile`
2399
2400Type / Values
2401
2402`boolean`
2403
2404Details
2405
2406Use the user shell profile when spawning subprocesses.
2407
2408Key
2409
2410`shell_environment_policy.ignore_default_excludes`
2411
2412Type / Values
2413
2414`boolean`
2415
2416Details
2417
2418Keep variables containing KEY/SECRET/TOKEN before other filters run.
2419
2420Key
2421
2422`shell_environment_policy.include_only`
2423
2424Type / Values
2425
2426`array<string>`
2427
2428Details
2429
2430Whitelist of patterns; when set only matching variables are kept.
2431
2432Key
2433
2434`shell_environment_policy.inherit`
2435
2436Type / Values
2437 15
243816`all | core | none`For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).
2439
2440Details
2441
2442Baseline environment inheritance when spawning subprocesses.
2443
2444Key
2445
2446`shell_environment_policy.set`
2447
2448Type / Values
2449
2450`map<string,string>`
2451
2452Details
2453
2454Explicit environment overrides injected into every subprocess.
2455
2456Key
2457
2458`show_raw_agent_reasoning`
2459
2460Type / Values
2461
2462`boolean`
2463
2464Details
2465
2466Surface raw reasoning content when the active model emits it.
2467
2468Key
2469
2470`skills.config`
2471
2472Type / Values
2473
2474`array<object>`
2475
2476Details
2477
2478Per-skill enablement overrides stored in config.toml.
2479
2480Key
2481
2482`skills.config.<index>.enabled`
2483
2484Type / Values
2485
2486`boolean`
2487
2488Details
2489
2490Enable or disable the referenced skill.
2491
2492Key
2493
2494`skills.config.<index>.path`
2495
2496Type / Values
2497
2498`string (path)`
2499
2500Details
2501
2502Path to a skill folder containing `SKILL.md`.
2503
2504Key
2505
2506`sqlite_home`
2507
2508Type / Values
2509
2510`string (path)`
2511
2512Details
2513
2514Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.
2515
2516Key
2517
2518`suppress_unstable_features_warning`
2519
2520Type / Values
2521
2522`boolean`
2523
2524Details
2525
2526Suppress the warning that appears when under-development feature flags are enabled.
2527
2528Key
2529
2530`tool_output_token_limit`
2531
2532Type / Values
2533
2534`number`
2535
2536Details
2537
2538Token budget for storing individual tool/function outputs in history.
2539
2540Key
2541
2542`tool_suggest.discoverables`
2543
2544Type / Values
2545
2546`array<table>`
2547
2548Details
2549
2550Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.
2551
2552Key
2553
2554`tools.view_image`
2555
2556Type / Values
2557
2558`boolean`
2559
2560Details
2561
2562Enable the local-image attachment tool `view_image`.
2563
2564Key
2565
2566`tools.web_search`
2567
2568Type / Values
2569
2570`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`
2571
2572Details
2573
2574Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.
2575
2576Key
2577
2578`tui`
2579
2580Type / Values
2581
2582`table`
2583
2584Details
2585
2586TUI-specific options such as enabling inline desktop notifications.
2587
2588Key
2589
2590`tui.alternate_screen`
2591
2592Type / Values
2593
2594`auto | always | never`
2595
2596Details
2597
2598Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).
2599
2600Key
2601
2602`tui.animations`
2603
2604Type / Values
2605
2606`boolean`
2607
2608Details
2609
2610Enable terminal animations (welcome screen, shimmer, spinner) (default: true).
2611
2612Key
2613
2614`tui.model_availability_nux.<model>`
2615
2616Type / Values
2617
2618`integer`
2619
2620Details
2621
2622Internal startup-tooltip state keyed by model slug.
2623
2624Key
2625
2626`tui.notification_method`
2627
2628Type / Values
2629
2630`auto | osc9 | bel`
2631
2632Details
2633
2634Notification method for unfocused terminal notifications (default: auto).
2635
2636Key
2637
2638`tui.notifications`
2639
2640Type / Values
2641
2642`boolean | array<string>`
2643
2644Details
2645
2646Enable TUI notifications; optionally restrict to specific event types.
2647
2648Key
2649
2650`tui.show_tooltips`
2651
2652Type / Values
2653
2654`boolean`
2655
2656Details
2657
2658Show onboarding tooltips in the TUI welcome screen (default: true).
2659
2660Key
2661
2662`tui.status_line`
2663
2664Type / Values
2665
2666`array<string> | null`
2667
2668Details
2669
2670Ordered list of TUI footer status-line item identifiers. `null` disables the status line.
2671
2672Key
2673
2674`tui.terminal_title`
2675
2676Type / Values
2677
2678`array<string> | null`
2679
2680Details
2681
2682Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.
2683
2684Key
2685
2686`tui.theme`
2687
2688Type / Values
2689
2690`string`
2691
2692Details
2693
2694Syntax-highlighting theme override (kebab-case theme name).
2695
2696Key
2697
2698`web_search`
2699
2700Type / Values
2701
2702`disabled | cached | live`
2703
2704Details
2705
2706Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.
2707
2708Key
2709
2710`windows_wsl_setup_acknowledged`
2711
2712Type / Values
2713
2714`boolean`
2715
2716Details
2717
2718Track Windows onboarding acknowledgement (Windows only).
2719
2720Key
2721
2722`windows.sandbox`
2723
2724Type / Values
2725
2726`unelevated | elevated`
2727
2728Details
2729
2730Windows-only native sandbox mode when running Codex natively on Windows.
2731
2732Key
2733
2734`windows.sandbox_private_desktop`
2735
2736Type / Values
2737
2738`boolean`
2739
2740Details
2741
2742Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.
2743 17
274418Expand to view all<ConfigTable
19 options={[
20 {
21 key: "model",
22 type: "string",
23 description: "Model to use (e.g., `gpt-5.5`).",
24 },
25 {
26 key: "review_model",
27 type: "string",
28 description:
29 "Optional model override used by `/review` (defaults to the current session model).",
30 },
31 {
32 key: "model_provider",
33 type: "string",
34 description: "Provider id from `model_providers` (default: `openai`).",
35 },
36 {
37 key: "openai_base_url",
38 type: "string",
39 description:
40 "Base URL override for the built-in `openai` model provider.",
41 },
42 {
43 key: "model_context_window",
44 type: "number",
45 description: "Context window tokens available to the active model.",
46 },
47 {
48 key: "model_auto_compact_token_limit",
49 type: "number",
50 description:
51 "Token threshold that triggers automatic history compaction (unset uses model defaults).",
52 },
53 {
54 key: "model_catalog_json",
55 type: "string (path)",
56 description:
57 "Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.",
58 },
59 {
60 key: "oss_provider",
61 type: "lmstudio | ollama",
62 description:
63 "Default local provider used when running with `--oss` (defaults to prompting if unset).",
64 },
65 {
66 key: "approval_policy",
67 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",
68 description:
69 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",
70 },
71 {
72 key: "approval_policy.granular.sandbox_approval",
73 type: "boolean",
74 description:
75 "When `true`, sandbox escalation approval prompts are allowed to surface.",
76 },
77 {
78 key: "approval_policy.granular.rules",
79 type: "boolean",
80 description:
81 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",
82 },
83 {
84 key: "approval_policy.granular.mcp_elicitations",
85 type: "boolean",
86 description:
87 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",
88 },
89 {
90 key: "approval_policy.granular.request_permissions",
91 type: "boolean",
92 description:
93 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",
94 },
95 {
96 key: "approval_policy.granular.skill_approval",
97 type: "boolean",
98 description:
99 "When `true`, skill-script approval prompts are allowed to surface.",
100 },
101 {
102 key: "approvals_reviewer",
103 type: "user | auto_review",
104 description:
105 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",
106 },
107 {
108 key: "auto_review.policy",
109 type: "string",
110 description:
111 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",
112 },
113 {
114 key: "allow_login_shell",
115 type: "boolean",
116 description:
117 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",
118 },
119 {
120 key: "sandbox_mode",
121 type: "read-only | workspace-write | danger-full-access",
122 description:
123 "Sandbox policy for filesystem and network access during command execution.",
124 },
125 {
126 key: "sandbox_workspace_write.writable_roots",
127 type: "array<string>",
128 description:
129 'Additional writable roots when `sandbox_mode = "workspace-write"`.',
130 },
131 {
132 key: "sandbox_workspace_write.network_access",
133 type: "boolean",
134 description:
135 "Allow outbound network access inside the workspace-write sandbox.",
136 },
137 {
138 key: "sandbox_workspace_write.exclude_tmpdir_env_var",
139 type: "boolean",
140 description:
141 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",
142 },
143 {
144 key: "sandbox_workspace_write.exclude_slash_tmp",
145 type: "boolean",
146 description:
147 "Exclude `/tmp` from writable roots in workspace-write mode.",
148 },
149 {
150 key: "windows.sandbox",
151 type: "unelevated | elevated",
152 description:
153 "Windows-only native sandbox mode when running Codex natively on Windows.",
154 },
155 {
156 key: "windows.sandbox_private_desktop",
157 type: "boolean",
158 description:
159 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",
160 },
161 {
162 key: "notify",
163 type: "array<string>",
164 description:
165 "Command invoked for notifications; receives a JSON payload from Codex.",
166 },
167 {
168 key: "check_for_update_on_startup",
169 type: "boolean",
170 description:
171 "Check for Codex updates on startup (set to false only when updates are centrally managed).",
172 },
173 {
174 key: "feedback.enabled",
175 type: "boolean",
176 description:
177 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",
178 },
179 {
180 key: "analytics.enabled",
181 type: "boolean",
182 description:
183 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",
184 },
185 {
186 key: "instructions",
187 type: "string",
188 description:
189 "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.",
190 },
191 {
192 key: "developer_instructions",
193 type: "string",
194 description:
195 "Additional developer instructions injected into the session (optional).",
196 },
197 {
198 key: "log_dir",
199 type: "string (path)",
200 description:
201 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",
202 },
203 {
204 key: "sqlite_home",
205 type: "string (path)",
206 description:
207 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",
208 },
209 {
210 key: "compact_prompt",
211 type: "string",
212 description: "Inline override for the history compaction prompt.",
213 },
214 {
215 key: "commit_attribution",
216 type: "string",
217 description:
218 'Commit co-author trailer used when `[features].codex_git_commit` is enabled. Defaults to `Codex <noreply@openai.com>`; set `""` to disable.',
219 },
220 {
221 key: "model_instructions_file",
222 type: "string (path)",
223 description:
224 "Replacement for built-in instructions instead of `AGENTS.md`.",
225 },
226 {
227 key: "personality",
228 type: "none | friendly | pragmatic",
229 description:
230 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",
231 },
232 {
233 key: "service_tier",
234 type: "string",
235 description:
236 "Preferred service tier for new turns. Built-in values include `flex` and `fast`; legacy `fast` config maps to the request value `priority`, and catalog-provided tier IDs can also be stored.",
237 },
238 {
239 key: "experimental_compact_prompt_file",
240 type: "string (path)",
241 description:
242 "Load the compaction prompt override from a file (experimental).",
243 },
244 {
245 key: "skills.config",
246 type: "array<object>",
247 description: "Per-skill enablement overrides stored in config.toml.",
248 },
249 {
250 key: "skills.config.<index>.path",
251 type: "string (path)",
252 description: "Path to a skill folder containing `SKILL.md`.",
253 },
254 {
255 key: "skills.config.<index>.enabled",
256 type: "boolean",
257 description: "Enable or disable the referenced skill.",
258 },
259 {
260 key: "apps.<id>.enabled",
261 type: "boolean",
262 description:
263 "Enable or disable a specific app/connector by id (default: true).",
264 },
265 {
266 key: "apps._default.enabled",
267 type: "boolean",
268 description:
269 "Default app enabled state for all apps unless overridden per app.",
270 },
271 {
272 key: "apps._default.destructive_enabled",
273 type: "boolean",
274 description:
275 "Default allow/deny for app tools with `destructive_hint = true`.",
276 },
277 {
278 key: "apps._default.open_world_enabled",
279 type: "boolean",
280 description:
281 "Default allow/deny for app tools with `open_world_hint = true`.",
282 },
283 {
284 key: "apps.<id>.destructive_enabled",
285 type: "boolean",
286 description:
287 "Allow or block tools in this app that advertise `destructive_hint = true`.",
288 },
289 {
290 key: "apps.<id>.open_world_enabled",
291 type: "boolean",
292 description:
293 "Allow or block tools in this app that advertise `open_world_hint = true`.",
294 },
295 {
296 key: "apps.<id>.default_tools_enabled",
297 type: "boolean",
298 description:
299 "Default enabled state for tools in this app unless a per-tool override exists.",
300 },
301 {
302 key: "apps.<id>.default_tools_approval_mode",
303 type: "auto | prompt | approve",
304 description:
305 "Default approval behavior for tools in this app unless a per-tool override exists.",
306 },
307 {
308 key: "apps.<id>.tools.<tool>.enabled",
309 type: "boolean",
310 description:
311 "Per-tool enabled override for an app tool (for example `repos/list`).",
312 },
313 {
314 key: "apps.<id>.tools.<tool>.approval_mode",
315 type: "auto | prompt | approve",
316 description: "Per-tool approval behavior override for a single app tool.",
317 },
318 {
319 key: "tool_suggest.discoverables",
320 type: "array<table>",
321 description:
322 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',
323 },
324 {
325 key: "tool_suggest.disabled_tools",
326 type: "array<table>",
327 description:
328 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',
329 },
330 {
331 key: "features.apps",
332 type: "boolean",
333 description: "Enable ChatGPT Apps/connectors support (experimental).",
334 },
335 {
336 key: "features.hooks",
337 type: "boolean",
338 description:
339 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. `features.codex_hooks` is a deprecated alias.",
340 },
341 {
342 key: "features.codex_git_commit",
343 type: "boolean",
344 description:
345 "Enable Codex-generated git commits. When enabled, Codex uses `commit_attribution` to append a `Co-authored-by:` trailer to generated commit messages.",
346 },
347 {
348 key: "hooks",
349 type: "table",
350 description:
351 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",
352 },
353 {
354 key: "features.plugin_hooks",
355 type: "boolean",
356 description:
357 "Opt into lifecycle hooks bundled with enabled plugins. Off by default in this release; set to `true` to opt in.",
358 },
359 {
360 key: "features.memories",
361 type: "boolean",
362 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",
363 },
364 {
365 key: "mcp_servers.<id>.command",
366 type: "string",
367 description: "Launcher command for an MCP stdio server.",
368 },
369 {
370 key: "mcp_servers.<id>.args",
371 type: "array<string>",
372 description: "Arguments passed to the MCP stdio server command.",
373 },
374 {
375 key: "mcp_servers.<id>.env",
376 type: "map<string,string>",
377 description: "Environment variables forwarded to the MCP stdio server.",
378 },
379 {
380 key: "mcp_servers.<id>.env_vars",
381 type: 'array<string | { name = string, source = "local" | "remote" }>',
382 description:
383 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',
384 },
385 {
386 key: "mcp_servers.<id>.cwd",
387 type: "string",
388 description: "Working directory for the MCP stdio server process.",
389 },
390 {
391 key: "mcp_servers.<id>.url",
392 type: "string",
393 description: "Endpoint for an MCP streamable HTTP server.",
394 },
395 {
396 key: "mcp_servers.<id>.bearer_token_env_var",
397 type: "string",
398 description:
399 "Environment variable sourcing the bearer token for an MCP HTTP server.",
400 },
401 {
402 key: "mcp_servers.<id>.http_headers",
403 type: "map<string,string>",
404 description: "Static HTTP headers included with each MCP HTTP request.",
405 },
406 {
407 key: "mcp_servers.<id>.env_http_headers",
408 type: "map<string,string>",
409 description:
410 "HTTP headers populated from environment variables for an MCP HTTP server.",
411 },
412 {
413 key: "mcp_servers.<id>.enabled",
414 type: "boolean",
415 description: "Disable an MCP server without removing its configuration.",
416 },
417 {
418 key: "mcp_servers.<id>.required",
419 type: "boolean",
420 description:
421 "When true, fail startup/resume if this enabled MCP server cannot initialize.",
422 },
423 {
424 key: "mcp_servers.<id>.startup_timeout_sec",
425 type: "number",
426 description:
427 "Override the default 10s startup timeout for an MCP server.",
428 },
429 {
430 key: "mcp_servers.<id>.startup_timeout_ms",
431 type: "number",
432 description: "Alias for `startup_timeout_sec` in milliseconds.",
433 },
434 {
435 key: "mcp_servers.<id>.tool_timeout_sec",
436 type: "number",
437 description:
438 "Override the default 60s per-tool timeout for an MCP server.",
439 },
440 {
441 key: "mcp_servers.<id>.enabled_tools",
442 type: "array<string>",
443 description: "Allow list of tool names exposed by the MCP server.",
444 },
445 {
446 key: "mcp_servers.<id>.disabled_tools",
447 type: "array<string>",
448 description:
449 "Deny list applied after `enabled_tools` for the MCP server.",
450 },
451 {
452 key: "mcp_servers.<id>.default_tools_approval_mode",
453 type: "auto | prompt | approve",
454 description:
455 "Default approval behavior for MCP tools on this server unless a per-tool override exists.",
456 },
457 {
458 key: "mcp_servers.<id>.tools.<tool>.approval_mode",
459 type: "auto | prompt | approve",
460 description:
461 "Per-tool approval behavior override for one MCP tool on this server.",
462 },
463 {
464 key: "mcp_servers.<id>.scopes",
465 type: "array<string>",
466 description:
467 "OAuth scopes to request when authenticating to that MCP server.",
468 },
469 {
470 key: "mcp_servers.<id>.oauth_resource",
471 type: "string",
472 description:
473 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",
474 },
475 {
476 key: "mcp_servers.<id>.experimental_environment",
477 type: "local | remote",
478 description:
479 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",
480 },
481 {
482 key: "agents.max_threads",
483 type: "number",
484 description:
485 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",
486 },
487 {
488 key: "agents.max_depth",
489 type: "number",
490 description:
491 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",
492 },
493 {
494 key: "agents.job_max_runtime_seconds",
495 type: "number",
496 description:
497 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",
498 },
499 {
500 key: "agents.<name>.description",
501 type: "string",
502 description:
503 "Role guidance shown to Codex when choosing and spawning that agent type.",
504 },
505 {
506 key: "agents.<name>.config_file",
507 type: "string (path)",
508 description:
509 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",
510 },
511 {
512 key: "agents.<name>.nickname_candidates",
513 type: "array<string>",
514 description:
515 "Optional pool of display nicknames for spawned agents in that role.",
516 },
517 {
518 key: "memories.generate_memories",
519 type: "boolean",
520 description:
521 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",
522 },
523 {
524 key: "memories.use_memories",
525 type: "boolean",
526 description:
527 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",
528 },
529 {
530 key: "memories.disable_on_external_context",
531 type: "boolean",
532 description:
533 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",
534 },
535 {
536 key: "memories.max_raw_memories_for_consolidation",
537 type: "number",
538 description:
539 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",
540 },
541 {
542 key: "memories.max_unused_days",
543 type: "number",
544 description:
545 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",
546 },
547 {
548 key: "memories.max_rollout_age_days",
549 type: "number",
550 description:
551 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",
552 },
553 {
554 key: "memories.max_rollouts_per_startup",
555 type: "number",
556 description:
557 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",
558 },
559 {
560 key: "memories.min_rollout_idle_hours",
561 type: "number",
562 description:
563 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",
564 },
565 {
566 key: "memories.min_rate_limit_remaining_percent",
567 type: "number",
568 description:
569 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",
570 },
571 {
572 key: "memories.extract_model",
573 type: "string",
574 description: "Optional model override for per-thread memory extraction.",
575 },
576 {
577 key: "memories.consolidation_model",
578 type: "string",
579 description: "Optional model override for global memory consolidation.",
580 },
581 {
582 key: "features.unified_exec",
583 type: "boolean",
584 description:
585 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",
586 },
587 {
588 key: "features.shell_snapshot",
589 type: "boolean",
590 description:
591 "Snapshot shell environment to speed up repeated commands (stable; on by default).",
592 },
593 {
594 key: "features.undo",
595 type: "boolean",
596 description: "Enable undo support (stable; off by default).",
597 },
598 {
599 key: "features.multi_agent",
600 type: "boolean",
601 description:
602 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",
603 },
604 {
605 key: "features.personality",
606 type: "boolean",
607 description:
608 "Enable personality selection controls (stable; on by default).",
609 },
610 {
611 key: "features.network_proxy",
612 type: "boolean | table",
613 description:
614 "Enable sandboxed networking. Use a table form when setting network policy options such as `domains` (experimental; off by default).",
615 },
616 {
617 key: "features.network_proxy.enabled",
618 type: "boolean",
619 description: "Enable sandboxed networking. Defaults to `false`.",
620 },
621 {
622 key: "features.network_proxy.domains",
623 type: "map<string, allow | deny>",
624 description:
625 "Domain policy for sandboxed networking. Unset by default, which means no external destinations are allowed until you add `allow` rules. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules; prefer scoped rules because `*` broadly opens public outbound access. Add `deny` rules for blocked destinations; `deny` wins on conflicts.",
626 },
627 {
628 key: "features.network_proxy.unix_sockets",
629 type: "map<string, allow | none>",
630 description:
631 "Unix socket policy for sandboxed networking. Unset by default; add `allow` entries for permitted sockets.",
632 },
633 {
634 key: "features.network_proxy.allow_local_binding",
635 type: "boolean",
636 description:
637 "Allow broader local/private-network access. Defaults to `false`; exact local IP literal or `localhost` allow rules can still permit specific local targets.",
638 },
639 {
640 key: "features.network_proxy.enable_socks5",
641 type: "boolean",
642 description: "Expose SOCKS5 support. Defaults to `true`.",
643 },
644 {
645 key: "features.network_proxy.enable_socks5_udp",
646 type: "boolean",
647 description: "Allow UDP over SOCKS5. Defaults to `true`.",
648 },
649 {
650 key: "features.network_proxy.allow_upstream_proxy",
651 type: "boolean",
652 description:
653 "Allow chaining through an upstream proxy from the environment. Defaults to `true`.",
654 },
655 {
656 key: "features.network_proxy.dangerously_allow_non_loopback_proxy",
657 type: "boolean",
658 description:
659 "Permit non-loopback listener addresses. Defaults to `false`; enabling it can expose proxy listeners beyond localhost.",
660 },
661 {
662 key: "features.network_proxy.dangerously_allow_all_unix_sockets",
663 type: "boolean",
664 description:
665 "Permit arbitrary Unix socket destinations instead of allowlist-only access. Defaults to `false`; use only in tightly controlled environments.",
666 },
667 {
668 key: "features.network_proxy.proxy_url",
669 type: "string",
670 description:
671 'HTTP listener URL for sandboxed networking. Defaults to `"http://127.0.0.1:3128"`.',
672 },
673 {
674 key: "features.network_proxy.socks_url",
675 type: "string",
676 description:
677 'SOCKS5 listener URL. Defaults to `"http://127.0.0.1:8081"`.',
678 },
679 {
680 key: "features.web_search",
681 type: "boolean",
682 description:
683 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",
684 },
685 {
686 key: "features.web_search_cached",
687 type: "boolean",
688 description:
689 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',
690 },
691 {
692 key: "features.web_search_request",
693 type: "boolean",
694 description:
695 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',
696 },
697 {
698 key: "features.shell_tool",
699 type: "boolean",
700 description:
701 "Enable the default `shell` tool for running commands (stable; on by default).",
702 },
703 {
704 key: "features.enable_request_compression",
705 type: "boolean",
706 description:
707 "Compress streaming request bodies with zstd when supported (stable; on by default).",
708 },
709 {
710 key: "features.skill_mcp_dependency_install",
711 type: "boolean",
712 description:
713 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",
714 },
715 {
716 key: "features.fast_mode",
717 type: "boolean",
718 description:
719 "Enable model-catalog service tier selection in the TUI, including Fast-tier commands when the active model advertises them (stable; on by default).",
720 },
721 {
722 key: "features.prevent_idle_sleep",
723 type: "boolean",
724 description:
725 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",
726 },
727 {
728 key: "suppress_unstable_features_warning",
729 type: "boolean",
730 description:
731 "Suppress the warning that appears when under-development feature flags are enabled.",
732 },
733 {
734 key: "model_providers.<id>",
735 type: "table",
736 description:
737 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",
738 },
739 {
740 key: "model_providers.<id>.name",
741 type: "string",
742 description: "Display name for a custom model provider.",
743 },
744 {
745 key: "model_providers.<id>.base_url",
746 type: "string",
747 description: "API base URL for the model provider.",
748 },
749 {
750 key: "model_providers.<id>.env_key",
751 type: "string",
752 description: "Environment variable supplying the provider API key.",
753 },
754 {
755 key: "model_providers.<id>.env_key_instructions",
756 type: "string",
757 description: "Optional setup guidance for the provider API key.",
758 },
759 {
760 key: "model_providers.<id>.experimental_bearer_token",
761 type: "string",
762 description:
763 "Direct bearer token for the provider (discouraged; use `env_key`).",
764 },
765 {
766 key: "model_providers.<id>.requires_openai_auth",
767 type: "boolean",
768 description:
769 "The provider uses OpenAI authentication (defaults to false).",
770 },
771 {
772 key: "model_providers.<id>.wire_api",
773 type: "responses",
774 description:
775 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",
776 },
777 {
778 key: "model_providers.<id>.query_params",
779 type: "map<string,string>",
780 description: "Extra query parameters appended to provider requests.",
781 },
782 {
783 key: "model_providers.<id>.http_headers",
784 type: "map<string,string>",
785 description: "Static HTTP headers added to provider requests.",
786 },
787 {
788 key: "model_providers.<id>.env_http_headers",
789 type: "map<string,string>",
790 description:
791 "HTTP headers populated from environment variables when present.",
792 },
793 {
794 key: "model_providers.<id>.request_max_retries",
795 type: "number",
796 description:
797 "Retry count for HTTP requests to the provider (default: 4).",
798 },
799 {
800 key: "model_providers.<id>.stream_max_retries",
801 type: "number",
802 description: "Retry count for SSE streaming interruptions (default: 5).",
803 },
804 {
805 key: "model_providers.<id>.stream_idle_timeout_ms",
806 type: "number",
807 description:
808 "Idle timeout for SSE streams in milliseconds (default: 300000).",
809 },
810 {
811 key: "model_providers.<id>.supports_websockets",
812 type: "boolean",
813 description:
814 "Whether that provider supports the Responses API WebSocket transport.",
815 },
816 {
817 key: "model_providers.<id>.auth",
818 type: "table",
819 description:
820 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",
821 },
822 {
823 key: "model_providers.<id>.auth.command",
824 type: "string",
825 description:
826 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",
827 },
828 {
829 key: "model_providers.<id>.auth.args",
830 type: "array<string>",
831 description: "Arguments passed to the token command.",
832 },
833 {
834 key: "model_providers.<id>.auth.timeout_ms",
835 type: "number",
836 description:
837 "Maximum token command runtime in milliseconds (default: 5000).",
838 },
839 {
840 key: "model_providers.<id>.auth.refresh_interval_ms",
841 type: "number",
842 description:
843 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",
844 },
845 {
846 key: "model_providers.<id>.auth.cwd",
847 type: "string (path)",
848 description: "Working directory for the token command.",
849 },
850 {
851 key: "model_providers.amazon-bedrock.aws.profile",
852 type: "string",
853 description:
854 "AWS profile name used by the built-in `amazon-bedrock` provider.",
855 },
856 {
857 key: "model_providers.amazon-bedrock.aws.region",
858 type: "string",
859 description: "AWS region used by the built-in `amazon-bedrock` provider.",
860 },
861 {
862 key: "model_reasoning_effort",
863 type: "minimal | low | medium | high | xhigh",
864 description:
865 "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).",
866 },
867 {
868 key: "plan_mode_reasoning_effort",
869 type: "none | minimal | low | medium | high | xhigh",
870 description:
871 "Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.",
872 },
873 {
874 key: "model_reasoning_summary",
875 type: "auto | concise | detailed | none",
876 description:
877 "Select reasoning summary detail or disable summaries entirely.",
878 },
879 {
880 key: "model_verbosity",
881 type: "low | medium | high",
882 description:
883 "Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.",
884 },
885 {
886 key: "model_supports_reasoning_summaries",
887 type: "boolean",
888 description: "Force Codex to send or not send reasoning metadata.",
889 },
890 {
891 key: "shell_environment_policy.inherit",
892 type: "all | core | none",
893 description:
894 "Baseline environment inheritance when spawning subprocesses.",
895 },
896 {
897 key: "shell_environment_policy.ignore_default_excludes",
898 type: "boolean",
899 description:
900 "Keep variables containing KEY/SECRET/TOKEN before other filters run.",
901 },
902 {
903 key: "shell_environment_policy.exclude",
904 type: "array<string>",
905 description:
906 "Glob patterns for removing environment variables after the defaults.",
907 },
908 {
909 key: "shell_environment_policy.include_only",
910 type: "array<string>",
911 description:
912 "Whitelist of patterns; when set only matching variables are kept.",
913 },
914 {
915 key: "shell_environment_policy.set",
916 type: "map<string,string>",
917 description:
918 "Explicit environment overrides injected into every subprocess.",
919 },
920 {
921 key: "shell_environment_policy.experimental_use_profile",
922 type: "boolean",
923 description: "Use the user shell profile when spawning subprocesses.",
924 },
925 {
926 key: "project_root_markers",
927 type: "array<string>",
928 description:
929 "List of project root marker filenames; used when searching parent directories for the project root.",
930 },
931 {
932 key: "project_doc_max_bytes",
933 type: "number",
934 description:
935 "Maximum bytes read from `AGENTS.md` when building project instructions.",
936 },
937 {
938 key: "project_doc_fallback_filenames",
939 type: "array<string>",
940 description: "Additional filenames to try when `AGENTS.md` is missing.",
941 },
942 {
943 key: "profile",
944 type: "string",
945 description:
946 "Default profile applied at startup (equivalent to `--profile`).",
947 },
948 {
949 key: "profiles.<name>.*",
950 type: "various",
951 description:
952 "Profile-scoped overrides for any of the supported configuration keys.",
953 },
954 {
955 key: "profiles.<name>.service_tier",
956 type: "string",
957 description: "Profile-scoped service tier preference for new turns.",
958 },
959 {
960 key: "profiles.<name>.plan_mode_reasoning_effort",
961 type: "none | minimal | low | medium | high | xhigh",
962 description: "Profile-scoped Plan-mode reasoning override.",
963 },
964 {
965 key: "profiles.<name>.web_search",
966 type: "disabled | cached | live",
967 description:
968 'Profile-scoped web search mode override (default: `"cached"`).',
969 },
970 {
971 key: "profiles.<name>.personality",
972 type: "none | friendly | pragmatic",
973 description:
974 "Profile-scoped communication style override for supported models.",
975 },
976 {
977 key: "profiles.<name>.model_catalog_json",
978 type: "string (path)",
979 description:
980 "Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).",
981 },
982 {
983 key: "profiles.<name>.model_instructions_file",
984 type: "string (path)",
985 description:
986 "Profile-scoped replacement for the built-in instruction file.",
987 },
988 {
989 key: "profiles.<name>.experimental_use_unified_exec_tool",
990 type: "boolean",
991 description:
992 "Legacy name for enabling unified exec; prefer `[features].unified_exec`.",
993 },
994 {
995 key: "profiles.<name>.oss_provider",
996 type: "lmstudio | ollama",
997 description: "Profile-scoped OSS provider for `--oss` sessions.",
998 },
999 {
1000 key: "profiles.<name>.tools_view_image",
1001 type: "boolean",
1002 description: "Enable or disable the `view_image` tool in that profile.",
1003 },
1004 {
1005 key: "profiles.<name>.analytics.enabled",
1006 type: "boolean",
1007 description: "Profile-scoped analytics enablement override.",
1008 },
1009 {
1010 key: "profiles.<name>.windows.sandbox",
1011 type: "unelevated | elevated",
1012 description: "Profile-scoped Windows sandbox mode override.",
1013 },
1014 {
1015 key: "history.persistence",
1016 type: "save-all | none",
1017 description:
1018 "Control whether Codex saves session transcripts to history.jsonl.",
1019 },
1020 {
1021 key: "tool_output_token_limit",
1022 type: "number",
1023 description:
1024 "Token budget for storing individual tool/function outputs in history.",
1025 },
1026 {
1027 key: "background_terminal_max_timeout",
1028 type: "number",
1029 description:
1030 "Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.",
1031 },
1032 {
1033 key: "history.max_bytes",
1034 type: "number",
1035 description:
1036 "If set, caps the history file size in bytes by dropping oldest entries.",
1037 },
1038 {
1039 key: "file_opener",
1040 type: "vscode | vscode-insiders | windsurf | cursor | none",
1041 description:
1042 "URI scheme used to open citations from Codex output (default: `vscode`).",
1043 },
1044 {
1045 key: "otel.environment",
1046 type: "string",
1047 description:
1048 "Environment tag applied to emitted OpenTelemetry events (default: `dev`).",
1049 },
1050 {
1051 key: "otel.exporter",
1052 type: "none | otlp-http | otlp-grpc",
1053 description:
1054 "Select the OpenTelemetry exporter and provide any endpoint metadata.",
1055 },
1056 {
1057 key: "otel.trace_exporter",
1058 type: "none | otlp-http | otlp-grpc",
1059 description:
1060 "Select the OpenTelemetry trace exporter and provide any endpoint metadata.",
1061 },
1062 {
1063 key: "otel.metrics_exporter",
1064 type: "none | statsig | otlp-http | otlp-grpc",
1065 description:
1066 "Select the OpenTelemetry metrics exporter (defaults to `statsig`).",
1067 },
1068 {
1069 key: "otel.log_user_prompt",
1070 type: "boolean",
1071 description:
1072 "Opt in to exporting raw user prompts with OpenTelemetry logs.",
1073 },
1074 {
1075 key: "otel.exporter.<id>.endpoint",
1076 type: "string",
1077 description: "Exporter endpoint for OTEL logs.",
1078 },
1079 {
1080 key: "otel.exporter.<id>.protocol",
1081 type: "binary | json",
1082 description: "Protocol used by the OTLP/HTTP exporter.",
1083 },
1084 {
1085 key: "otel.exporter.<id>.headers",
1086 type: "map<string,string>",
1087 description: "Static headers included with OTEL exporter requests.",
1088 },
1089 {
1090 key: "otel.trace_exporter.<id>.endpoint",
1091 type: "string",
1092 description: "Trace exporter endpoint for OTEL logs.",
1093 },
1094 {
1095 key: "otel.trace_exporter.<id>.protocol",
1096 type: "binary | json",
1097 description: "Protocol used by the OTLP/HTTP trace exporter.",
1098 },
1099 {
1100 key: "otel.trace_exporter.<id>.headers",
1101 type: "map<string,string>",
1102 description: "Static headers included with OTEL trace exporter requests.",
1103 },
1104 {
1105 key: "otel.exporter.<id>.tls.ca-certificate",
1106 type: "string",
1107 description: "CA certificate path for OTEL exporter TLS.",
1108 },
1109 {
1110 key: "otel.exporter.<id>.tls.client-certificate",
1111 type: "string",
1112 description: "Client certificate path for OTEL exporter TLS.",
1113 },
1114 {
1115 key: "otel.exporter.<id>.tls.client-private-key",
1116 type: "string",
1117 description: "Client private key path for OTEL exporter TLS.",
1118 },
1119 {
1120 key: "otel.trace_exporter.<id>.tls.ca-certificate",
1121 type: "string",
1122 description: "CA certificate path for OTEL trace exporter TLS.",
1123 },
1124 {
1125 key: "otel.trace_exporter.<id>.tls.client-certificate",
1126 type: "string",
1127 description: "Client certificate path for OTEL trace exporter TLS.",
1128 },
1129 {
1130 key: "otel.trace_exporter.<id>.tls.client-private-key",
1131 type: "string",
1132 description: "Client private key path for OTEL trace exporter TLS.",
1133 },
1134 {
1135 key: "tui",
1136 type: "table",
1137 description:
1138 "TUI-specific options such as enabling inline desktop notifications.",
1139 },
1140 {
1141 key: "tui.notifications",
1142 type: "boolean | array<string>",
1143 description:
1144 "Enable TUI notifications; optionally restrict to specific event types.",
1145 },
1146 {
1147 key: "tui.notification_method",
1148 type: "auto | osc9 | bel",
1149 description:
1150 "Notification method for terminal notifications (default: auto).",
1151 },
1152 {
1153 key: "tui.notification_condition",
1154 type: "unfocused | always",
1155 description:
1156 "Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.",
1157 },
1158 {
1159 key: "tui.animations",
1160 type: "boolean",
1161 description:
1162 "Enable terminal animations (welcome screen, shimmer, spinner) (default: true).",
1163 },
1164 {
1165 key: "tui.alternate_screen",
1166 type: "auto | always | never",
1167 description:
1168 "Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).",
1169 },
1170 {
1171 key: "tui.vim_mode_default",
1172 type: "boolean",
1173 description:
1174 "Start the composer in Vim normal mode instead of insert mode (default: false). You can still toggle it per session with `/vim`.",
1175 },
1176 {
1177 key: "tui.raw_output_mode",
1178 type: "boolean",
1179 description:
1180 "Start the TUI in raw scrollback mode for copy-friendly terminal selection (default: false). You can toggle it with `/raw` or the default `alt-r` key binding.",
1181 },
1182 {
1183 key: "tui.show_tooltips",
1184 type: "boolean",
1185 description:
1186 "Show onboarding tooltips in the TUI welcome screen (default: true).",
1187 },
1188 {
1189 key: "tui.status_line",
1190 type: "array<string> | null",
1191 description:
1192 "Ordered list of TUI footer status-line item identifiers. `null` disables the status line.",
1193 },
1194 {
1195 key: "tui.terminal_title",
1196 type: "array<string> | null",
1197 description:
1198 'Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.',
1199 },
1200 {
1201 key: "tui.theme",
1202 type: "string",
1203 description:
1204 "Syntax-highlighting theme override (kebab-case theme name).",
1205 },
1206 {
1207 key: "tui.keymap.<context>.<action>",
1208 type: "string | array<string>",
1209 description:
1210 "Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.",
1211 },
1212 {
1213 key: "tui.keymap.<context>.<action> = []",
1214 type: "empty array",
1215 description:
1216 "Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, `page-down`, or `minus`.",
1217 },
1218 {
1219 key: "plugins.<plugin>.mcp_servers.<server>.enabled",
1220 type: "boolean",
1221 description:
1222 "Enable or disable an MCP server bundled by an installed plugin without changing the plugin manifest.",
1223 },
1224 {
1225 key: "plugins.<plugin>.mcp_servers.<server>.default_tools_approval_mode",
1226 type: "auto | prompt | approve",
1227 description:
1228 "Default approval behavior for tools on a plugin-provided MCP server.",
1229 },
1230 {
1231 key: "plugins.<plugin>.mcp_servers.<server>.enabled_tools",
1232 type: "array<string>",
1233 description:
1234 "Allow list of tools exposed from a plugin-provided MCP server.",
1235 },
1236 {
1237 key: "plugins.<plugin>.mcp_servers.<server>.disabled_tools",
1238 type: "array<string>",
1239 description:
1240 "Deny list applied after `enabled_tools` for a plugin-provided MCP server.",
1241 },
1242 {
1243 key: "plugins.<plugin>.mcp_servers.<server>.tools.<tool>.approval_mode",
1244 type: "auto | prompt | approve",
1245 description:
1246 "Per-tool approval behavior override for a plugin-provided MCP tool.",
1247 },
1248 {
1249 key: "tui.model_availability_nux.<model>",
1250 type: "integer",
1251 description: "Internal startup-tooltip state keyed by model slug.",
1252 },
1253 {
1254 key: "hide_agent_reasoning",
1255 type: "boolean",
1256 description:
1257 "Suppress reasoning events in both the TUI and `codex exec` output.",
1258 },
1259 {
1260 key: "show_raw_agent_reasoning",
1261 type: "boolean",
1262 description:
1263 "Surface raw reasoning content when the active model emits it.",
1264 },
1265 {
1266 key: "disable_paste_burst",
1267 type: "boolean",
1268 description: "Disable burst-paste detection in the TUI.",
1269 },
1270 {
1271 key: "windows_wsl_setup_acknowledged",
1272 type: "boolean",
1273 description: "Track Windows onboarding acknowledgement (Windows only).",
1274 },
1275 {
1276 key: "chatgpt_base_url",
1277 type: "string",
1278 description: "Override the base URL used during the ChatGPT login flow.",
1279 },
1280 {
1281 key: "cli_auth_credentials_store",
1282 type: "file | keyring | auto",
1283 description:
1284 "Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).",
1285 },
1286 {
1287 key: "mcp_oauth_credentials_store",
1288 type: "auto | file | keyring",
1289 description: "Preferred store for MCP OAuth credentials.",
1290 },
1291 {
1292 key: "mcp_oauth_callback_port",
1293 type: "integer",
1294 description:
1295 "Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.",
1296 },
1297 {
1298 key: "mcp_oauth_callback_url",
1299 type: "string",
1300 description:
1301 "Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.",
1302 },
1303 {
1304 key: "experimental_use_unified_exec_tool",
1305 type: "boolean",
1306 description:
1307 "Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.",
1308 },
1309 {
1310 key: "tools.web_search",
1311 type: 'boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }',
1312 description:
1313 "Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.",
1314 },
1315 {
1316 key: "tools.view_image",
1317 type: "boolean",
1318 description: "Enable the local-image attachment tool `view_image`.",
1319 },
1320 {
1321 key: "web_search",
1322 type: "disabled | cached | live",
1323 description:
1324 'Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.',
1325 },
1326 {
1327 key: "default_permissions",
1328 type: "string",
1329 description:
1330 "Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.",
1331 },
1332 {
1333 key: "permissions.<name>.filesystem",
1334 type: "table",
1335 description:
1336 "Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.",
1337 },
1338 {
1339 key: "permissions.<name>.filesystem.glob_scan_max_depth",
1340 type: "number",
1341 description:
1342 "Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.",
1343 },
1344 {
1345 key: "permissions.<name>.filesystem.<path-or-glob>",
1346 type: '"read" | "write" | "none" | table',
1347 description:
1348 'Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.',
1349 },
1350 {
1351 key: 'permissions.<name>.filesystem.":project_roots".<subpath-or-glob>',
1352 type: '"read" | "write" | "none"',
1353 description:
1354 'Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.',
1355 },
1356 {
1357 key: "permissions.<name>.network.enabled",
1358 type: "boolean",
1359 description: "Enable network access for this named permissions profile.",
1360 },
1361 {
1362 key: "permissions.<name>.network.proxy_url",
1363 type: "string",
1364 description:
1365 "HTTP listener URL used when this permissions profile enables sandboxed networking.",
1366 },
1367 {
1368 key: "permissions.<name>.network.enable_socks5",
1369 type: "boolean",
1370 description:
1371 "Expose SOCKS5 support when this permissions profile enables sandboxed networking.",
1372 },
1373 {
1374 key: "permissions.<name>.network.socks_url",
1375 type: "string",
1376 description: "SOCKS5 proxy endpoint used by this permissions profile.",
1377 },
1378 {
1379 key: "permissions.<name>.network.enable_socks5_udp",
1380 type: "boolean",
1381 description: "Allow UDP over the SOCKS5 listener when enabled.",
1382 },
1383 {
1384 key: "permissions.<name>.network.allow_upstream_proxy",
1385 type: "boolean",
1386 description:
1387 "Allow sandboxed networking to chain through another upstream proxy.",
1388 },
1389 {
1390 key: "permissions.<name>.network.dangerously_allow_non_loopback_proxy",
1391 type: "boolean",
1392 description:
1393 "Permit non-loopback bind addresses for sandboxed networking listeners. Enabling it can expose listeners beyond localhost.",
1394 },
1395 {
1396 key: "permissions.<name>.network.dangerously_allow_all_unix_sockets",
1397 type: "boolean",
1398 description:
1399 "Allow arbitrary Unix socket destinations instead of the default restricted set. Use only in tightly controlled environments.",
1400 },
1401 {
1402 key: "permissions.<name>.network.domains",
1403 type: "map<string, allow | deny>",
1404 description:
1405 "Domain rules for sandboxed networking. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules. `deny` wins on conflicts.",
1406 },
1407 {
1408 key: "permissions.<name>.network.unix_sockets",
1409 type: "map<string, allow | none>",
1410 description:
1411 "Unix socket rules for sandboxed networking. Use socket paths as keys, with `allow` or `none` values.",
1412 },
1413 {
1414 key: "permissions.<name>.network.allow_local_binding",
1415 type: "boolean",
1416 description:
1417 "Permit broader local/private-network access through sandboxed networking. Exact local IP literal or `localhost` allow rules can still permit specific local targets when this stays `false`.",
1418 },
1419 {
1420 key: "projects.<path>.trust_level",
1421 type: "string",
1422 description:
1423 'Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.',
1424 },
1425 {
1426 key: "notice.hide_full_access_warning",
1427 type: "boolean",
1428 description: "Track acknowledgement of the full access warning prompt.",
1429 },
1430 {
1431 key: "notice.hide_world_writable_warning",
1432 type: "boolean",
1433 description:
1434 "Track acknowledgement of the Windows world-writable directories warning.",
1435 },
1436 {
1437 key: "notice.hide_rate_limit_model_nudge",
1438 type: "boolean",
1439 description: "Track opt-out of the rate limit model switch reminder.",
1440 },
1441 {
1442 key: "notice.hide_gpt5_1_migration_prompt",
1443 type: "boolean",
1444 description: "Track acknowledgement of the GPT-5.1 migration prompt.",
1445 },
1446 {
1447 key: "notice.hide_gpt-5.1-codex-max_migration_prompt",
1448 type: "boolean",
1449 description:
1450 "Track acknowledgement of the gpt-5.1-codex-max migration prompt.",
1451 },
1452 {
1453 key: "notice.model_migrations",
1454 type: "map<string,string>",
1455 description: "Track acknowledged model migrations as old->new mappings.",
1456 },
1457 {
1458 key: "forced_login_method",
1459 type: "chatgpt | api",
1460 description: "Restrict Codex to a specific authentication method.",
1461 },
1462 {
1463 key: "forced_chatgpt_workspace_id",
1464 type: "string (uuid)",
1465 description: "Limit ChatGPT logins to a specific workspace identifier.",
1466 },
1467 ]}
1468 client:load
1469/>
2745 1470
2746You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).1471You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).
2747 1472
2763Use `[features]` in `requirements.toml` to pin feature flags by the same1488Use `[features]` in `requirements.toml` to pin feature flags by the same
2764canonical keys that `config.toml` uses. Omitted keys remain unconstrained.1489canonical keys that `config.toml` uses. Omitted keys remain unconstrained.
2765 1490
27661491| Key | Type / Values | Details |<ConfigTable
27671492| --- | --- | --- | options={[
27681493| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). | {
27691494| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer` (for example `user` and `guardian_subagent`). | key: "allowed_approval_policies",
27701495| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. | type: "array<string>",
27711496| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. | description:
27721497| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. | "Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).",
27731498| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. | },
27741499| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. | {
27751500| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). | key: "allowed_approvals_reviewers",
27761501| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. | type: "array<string>",
27771502| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. | description:
27781503| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. | "Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.",
27791504| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. | },
27801505| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). | {
27811506| `rules.prefix_rules[].justification` | `string` | Optional non-empty rationale surfaced in approval prompts or rejection messages. | key: "guardian_policy_config",
27821507| `rules.prefix_rules[].pattern` | `array<table>` | Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. | type: "string",
27831508| `rules.prefix_rules[].pattern[].any_of` | `array<string>` | A list of allowed alternative tokens at this position. | description:
27841509| `rules.prefix_rules[].pattern[].token` | `string` | A single literal token at this position. | "Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.",
27851510 },
27861511Key {
27871512 key: "allowed_sandbox_modes",
27881513`allowed_approval_policies` type: "array<string>",
27891514 description: "Allowed values for `sandbox_mode`.",
27901515Type / Values },
27911516 {
27921517`array<string>` key: "remote_sandbox_config",
27931518 type: "array<table>",
27941519Details description:
27951520 "Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.",
27961521Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). },
27971522 {
27981523Key key: "remote_sandbox_config[].hostname_patterns",
27991524 type: "array<string>",
28001525`allowed_approvals_reviewers` description:
28011526 "Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.",
28021527Type / Values },
28031528 {
28041529`array<string>` key: "remote_sandbox_config[].allowed_sandbox_modes",
28051530 type: "array<string>",
28061531Details description:
28071532 "Allowed sandbox modes to apply when this host-specific entry matches.",
28081533Allowed values for `approvals_reviewer` (for example `user` and `guardian_subagent`). },
28091534 {
28101535Key key: "allowed_web_search_modes",
28111536 type: "array<string>",
28121537`allowed_sandbox_modes` description:
28131538 "Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.",
28141539Type / Values },
28151540 {
28161541`array<string>` key: "features",
28171542 type: "table",
28181543Details description:
28191544 "Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.",
28201545Allowed values for `sandbox_mode`. },
28211546 {
28221547Key key: "features.<name>",
28231548 type: "boolean",
28241549`allowed_web_search_modes` description:
28251550 "Require a specific canonical feature key to stay enabled or disabled.",
28261551Type / Values },
28271552 {
28281553`array<string>` key: "features.in_app_browser",
28291554 type: "boolean",
28301555Details description:
28311556 "Set to `false` in `requirements.toml` to disable the in-app browser pane.",
28321557Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. },
28331558 {
28341559Key key: "features.browser_use",
28351560 type: "boolean",
28361561`features` description:
28371562 "Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.",
28381563Type / Values },
28391564 {
28401565`table` key: "features.computer_use",
28411566 type: "boolean",
28421567Details description:
28431568 "Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.",
28441569Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. },
28451570 {
28461571Key key: "experimental_network",
28471572 type: "table",
28481573`features.<name>` description:
28491574 "Network access requirements enforced from `requirements.toml`. These constraints are separate from `features.network_proxy` and can configure sandboxed networking without the user feature flag.",
28501575Type / Values },
28511576 {
28521577`boolean` key: "experimental_network.enabled",
28531578 type: "boolean",
28541579Details description:
28551580 "Enable sandboxed networking requirements. This does not grant network access when the active sandbox keeps command networking off.",
28561581Require a specific canonical feature key to stay enabled or disabled. },
28571582 {
28581583Key key: "experimental_network.http_port",
28591584 type: "integer",
28601585`mcp_servers` description:
28611586 "Loopback HTTP listener port to use for `[experimental_network]` requirements.",
28621587Type / Values },
28631588 {
28641589`table` key: "experimental_network.socks_port",
28651590 type: "integer",
28661591Details description:
28671592 "Loopback SOCKS5 listener port to use for `[experimental_network]` requirements.",
28681593Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. },
28691594 {
28701595Key key: "experimental_network.allow_upstream_proxy",
28711596 type: "boolean",
28721597`mcp_servers.<id>.identity` description:
28731598 "Allow sandboxed networking to chain through an upstream proxy from the environment.",
28741599Type / Values },
28751600 {
28761601`table` key: "experimental_network.dangerously_allow_non_loopback_proxy",
28771602 type: "boolean",
28781603Details description:
28791604 "Permit non-loopback listener addresses for `[experimental_network]` requirements. Enabling it can expose listeners beyond localhost.",
28801605Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). },
28811606 {
28821607Key key: "experimental_network.dangerously_allow_all_unix_sockets",
28831608 type: "boolean",
28841609`mcp_servers.<id>.identity.command` description:
28851610 "Permit arbitrary Unix socket destinations instead of allowlist-only access. Use only in tightly controlled environments.",
28861611Type / Values },
28871612 {
28881613`string` key: "experimental_network.domains",
28891614 type: "map<string, allow | deny>",
28901615Details description:
28911616 "Map-shaped administrator domain policy for sandboxed networking. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules; prefer scoped rules because `*` broadly opens public outbound access. `deny` wins on conflicts. Do not combine this with `experimental_network.allowed_domains` or `experimental_network.denied_domains`.",
28921617Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. },
28931618 {
28941619Key key: "experimental_network.allowed_domains",
28951620 type: "array<string>",
28961621`mcp_servers.<id>.identity.url` description:
28971622 "List-shaped administrator allow rules for sandboxed networking. Do not combine this with `experimental_network.domains`.",
28981623Type / Values },
28991624 {
29001625`string` key: "experimental_network.denied_domains",
29011626 type: "array<string>",
29021627Details description:
29031628 "List-shaped administrator deny rules for sandboxed networking. Do not combine this with `experimental_network.domains`.",
29041629Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. },
29051630 {
29061631Key key: "experimental_network.managed_allowed_domains_only",
29071632 type: "boolean",
29081633`rules` description:
29091634 "When `true`, only administrator-managed allow rules remain effective while sandboxed networking requirements are active; user allowlist additions are ignored. Without managed allow rules, user-added domain allow rules do not remain effective.",
29101635Type / Values },
29111636 {
29121637`table` key: "experimental_network.unix_sockets",
29131638 type: "map<string, allow | none>",
29141639Details description:
29151640 "Administrator-managed Unix socket policy for sandboxed networking.",
29161641Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. },
29171642 {
29181643Key key: "experimental_network.allow_local_binding",
29191644 type: "boolean",
29201645`rules.prefix_rules` description:
29211646 "Permit broader local/private-network access for sandboxed networking. Exact local IP literal or `localhost` allow rules can still permit specific local targets when this stays `false`.",
29221647Type / Values },
29231648 {
29241649`array<table>` key: "hooks",
29251650 type: "table",
29261651Details description:
29271652 "Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.",
29281653List of enforced prefix rules. Each rule must include `pattern` and `decision`. },
29291654 {
29301655Key key: "hooks.managed_dir",
29311656 type: "string (absolute path)",
29321657`rules.prefix_rules[].decision` description:
29331658 "Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.",
29341659Type / Values },
29351660 {
29361661`prompt | forbidden` key: "hooks.windows_managed_dir",
29371662 type: "string (absolute path)",
29381663Details description:
29391664 "Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.",
29401665Required. Requirements rules can only prompt or forbid (not allow). },
29411666 {
29421667Key key: "hooks.<Event>",
29431668 type: "array<table>",
29441669`rules.prefix_rules[].justification` description:
29451670 "Matcher groups for a hook event such as `PreToolUse`, `PermissionRequest`, `PostToolUse`, `SessionStart`, `UserPromptSubmit`, or `Stop`.",
29461671Type / Values },
29471672 {
29481673`string` key: "hooks.<Event>[].hooks",
29491674 type: "array<table>",
29501675Details description:
29511676 "Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.",
29521677Optional non-empty rationale surfaced in approval prompts or rejection messages. },
29531678 {
29541679Key key: "permissions.filesystem.deny_read",
29551680 type: "array<string>",
29561681`rules.prefix_rules[].pattern` description:
29571682 "Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.",
29581683Type / Values },
29591684 {
29601685`array<table>` key: "mcp_servers",
29611686 type: "table",
29621687Details description:
29631688 "Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.",
29641689Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. },
29651690 {
29661691Key key: "mcp_servers.<id>.identity",
29671692 type: "table",
29681693`rules.prefix_rules[].pattern[].any_of` description:
29691694 "Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).",
29701695Type / Values },
29711696 {
29721697`array<string>` key: "mcp_servers.<id>.identity.command",
29731698 type: "string",
29741699Details description:
29751700 "Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.",
29761701A list of allowed alternative tokens at this position. },
29771702 {
29781703Key key: "mcp_servers.<id>.identity.url",
29791704 type: "string",
29801705`rules.prefix_rules[].pattern[].token` description:
29811706 "Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.",
29821707Type / Values },
29831708 {
29841709`string` key: "rules",
29851710 type: "table",
29861711Details description:
29871712 "Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.",
29881713A single literal token at this position. },
29891714 {
29901715Expand to view all key: "rules.prefix_rules",
1716 type: "array<table>",
1717 description:
1718 "List of enforced prefix rules. Each rule must include `pattern` and `decision`.",
1719 },
1720 {
1721 key: "rules.prefix_rules[].pattern",
1722 type: "array<table>",
1723 description:
1724 "Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.",
1725 },
1726 {
1727 key: "rules.prefix_rules[].pattern[].token",
1728 type: "string",
1729 description: "A single literal token at this position.",
1730 },
1731 {
1732 key: "rules.prefix_rules[].pattern[].any_of",
1733 type: "array<string>",
1734 description: "A list of allowed alternative tokens at this position.",
1735 },
1736 {
1737 key: "rules.prefix_rules[].decision",
1738 type: "prompt | forbidden",
1739 description:
1740 "Required. Requirements rules can only prompt or forbid (not allow).",
1741 },
1742 {
1743 key: "rules.prefix_rules[].justification",
1744 type: "string",
1745 description:
1746 "Optional non-empty rationale surfaced in approval prompts or rejection messages.",
1747 },
1748 ]}
1749 client:load
1750/>