config-reference.md +1719 −3102
6 6
7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.
8 8
99For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).Project-scoped config can't override machine-local provider, auth,
1010 notification, profile, or telemetry routing keys. Codex ignores
1111| Key | Type / Values | Details |`openai_base_url`, `chatgpt_base_url`, `model_provider`, `model_providers`,
1212| --- | --- | --- |`notify`, `profile`, `profiles`, `experimental_realtime_ws_base_url`, and
1313| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |`otel` when they appear in a project-local `.codex/config.toml`; put those in
1414| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |user-level config instead.
15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |
16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |
17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |
18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |
19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |
20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |
21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |
22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |
23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |
24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |
25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |
26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |
27| `approvals_reviewer` | `user | guardian_subagent` | Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent. |
28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |
29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |
30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |
31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |
32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |
33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |
34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |
35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |
36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |
37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |
38| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |
39| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |
40| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |
41| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |
42| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |
43| `compact_prompt` | `string` | Inline override for the history compaction prompt. |
44| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |
45| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |
46| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |
47| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |
48| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |
49| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |
50| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` (under development; off by default). |
51| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |
52| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |
53| `features.guardian_approval` | `boolean` | Route eligible approval requests through the guardian reviewer subagent (experimental; off by default). Use with `approvals_reviewer = "guardian_subagent"`. |
54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |
55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |
56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |
57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |
58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |
59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |
60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |
61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |
62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |
63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |
64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |
65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |
66| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |
67| `file_opener` | `vscode | vscode-insiders | windsurf | cursor | none` | URI scheme used to open citations from Codex output (default: `vscode`). |
68| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |
69| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |
70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |
71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |
72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |
73| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |
74| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |
75| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |
76| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |
77| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |
78| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |
79| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |
80| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |
81| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |
82| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |
83| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |
84| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |
85| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |
86| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |
87| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |
88| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |
89| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |
90| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |
91| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |
92| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |
93| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |
94| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |
95| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |
96| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |
97| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |
98| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |
99| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |
100| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |
101| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |
102| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |
103| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |
104| `memories.no_memories_if_mcp_or_web_search` | `boolean` | When `true`, threads that use MCP tool calls or web search are kept out of memory generation. Defaults to `false`. |
105| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |
106| `model` | `string` | Model to use (e.g., `gpt-5.4`). |
107| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |
108| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |
109| `model_context_window` | `number` | Context window tokens available to the active model. |
110| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |
111| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |
112| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |
113| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |
114| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |
115| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |
116| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |
117| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |
118| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |
119| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |
120| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |
121| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |
122| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |
123| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |
124| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |
125| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |
126| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |
127| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |
128| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |
129| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |
130| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |
131| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |
132| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |
133| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |
134| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |
135| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |
136| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |
137| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |
138| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |
139| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |
140| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |
141| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |
142| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |
143| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |
144| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |
145| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |
146| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |
147| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |
148| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |
149| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |
150| `otel.exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP exporter. |
151| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |
152| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |
153| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |
154| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |
155| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |
156| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |
157| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |
158| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |
159| `otel.trace_exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP trace exporter. |
160| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |
161| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |
162| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |
163| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |
164| `permissions.<name>.filesystem.":project_roots".<subpath>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself. |
165| `permissions.<name>.filesystem.<path>` | `"read" | "write" | "none" | table` | Grant direct access for a path or special token, or scope nested entries under that root. |
166| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |
167| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |
168| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |
169| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |
170| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |
171| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |
172| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |
173| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |
174| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |
175| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |
176| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |
177| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |
178| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |
179| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |
180| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |
181| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |
182| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |
183| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |
184| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |
185| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |
186| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |
187| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |
188| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |
189| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |
190| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |
191| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |
192| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |
193| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |
194| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |
195| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |
196| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |
197| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |
198| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |
199| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |
200| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |
201| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |
202| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |
203| `service_tier` | `flex | fast` | Preferred service tier for new turns. |
204| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |
205| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |
206| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |
207| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |
208| `shell_environment_policy.inherit` | `all | core | none` | Baseline environment inheritance when spawning subprocesses. |
209| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |
210| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |
211| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |
212| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |
213| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |
214| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |
215| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |
216| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |
217| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |
218| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |
219| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |
220| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |
221| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |
222| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |
223| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |
224| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |
225| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |
226| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |
227| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |
228| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |
229| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |
230| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |
231| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |
232| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |
233| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |
234
235Key
236
237`agents.<name>.config_file`
238
239Type / Values
240
241`string (path)`
242
243Details
244
245Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.
246
247Key
248
249`agents.<name>.description`
250
251Type / Values
252
253`string`
254
255Details
256
257Role guidance shown to Codex when choosing and spawning that agent type.
258
259Key
260
261`agents.<name>.nickname_candidates`
262
263Type / Values
264
265`array<string>`
266
267Details
268
269Optional pool of display nicknames for spawned agents in that role.
270
271Key
272
273`agents.job_max_runtime_seconds`
274
275Type / Values
276
277`number`
278
279Details
280
281Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.
282
283Key
284
285`agents.max_depth`
286
287Type / Values
288
289`number`
290
291Details
292
293Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).
294
295Key
296
297`agents.max_threads`
298
299Type / Values
300
301`number`
302
303Details
304
305Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.
306
307Key
308
309`allow_login_shell`
310
311Type / Values
312
313`boolean`
314
315Details
316
317Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.
318
319Key
320
321`analytics.enabled`
322
323Type / Values
324
325`boolean`
326
327Details
328
329Enable or disable analytics for this machine/profile. When unset, the client default applies.
330
331Key
332
333`approval_policy`
334
335Type / Values
336
337`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`
338
339Details
340
341Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.
342
343Key
344
345`approval_policy.granular.mcp_elicitations`
346
347Type / Values
348
349`boolean`
350
351Details
352
353When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.
354
355Key
356
357`approval_policy.granular.request_permissions`
358
359Type / Values
360
361`boolean`
362
363Details
364
365When `true`, prompts from the `request_permissions` tool are allowed to surface.
366
367Key
368
369`approval_policy.granular.rules`
370
371Type / Values
372
373`boolean`
374
375Details
376
377When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.
378
379Key
380
381`approval_policy.granular.sandbox_approval`
382
383Type / Values
384
385`boolean`
386
387Details
388
389When `true`, sandbox escalation approval prompts are allowed to surface.
390
391Key
392
393`approval_policy.granular.skill_approval`
394
395Type / Values
396
397`boolean`
398
399Details
400
401When `true`, skill-script approval prompts are allowed to surface.
402
403Key
404
405`approvals_reviewer`
406
407Type / Values
408
409`user | guardian_subagent`
410
411Details
412
413Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent.
414
415Key
416
417`apps._default.destructive_enabled`
418
419Type / Values
420
421`boolean`
422
423Details
424
425Default allow/deny for app tools with `destructive_hint = true`.
426
427Key
428
429`apps._default.enabled`
430
431Type / Values
432
433`boolean`
434
435Details
436
437Default app enabled state for all apps unless overridden per app.
438
439Key
440
441`apps._default.open_world_enabled`
442
443Type / Values
444
445`boolean`
446
447Details
448
449Default allow/deny for app tools with `open_world_hint = true`.
450
451Key
452
453`apps.<id>.default_tools_approval_mode`
454
455Type / Values
456
457`auto | prompt | approve`
458
459Details
460
461Default approval behavior for tools in this app unless a per-tool override exists.
462
463Key
464
465`apps.<id>.default_tools_enabled`
466
467Type / Values
468
469`boolean`
470
471Details
472
473Default enabled state for tools in this app unless a per-tool override exists.
474
475Key
476
477`apps.<id>.destructive_enabled`
478
479Type / Values
480
481`boolean`
482
483Details
484
485Allow or block tools in this app that advertise `destructive_hint = true`.
486
487Key
488
489`apps.<id>.enabled`
490
491Type / Values
492
493`boolean`
494
495Details
496
497Enable or disable a specific app/connector by id (default: true).
498
499Key
500
501`apps.<id>.open_world_enabled`
502
503Type / Values
504
505`boolean`
506
507Details
508
509Allow or block tools in this app that advertise `open_world_hint = true`.
510
511Key
512
513`apps.<id>.tools.<tool>.approval_mode`
514
515Type / Values
516
517`auto | prompt | approve`
518
519Details
520
521Per-tool approval behavior override for a single app tool.
522
523Key
524
525`apps.<id>.tools.<tool>.enabled`
526
527Type / Values
528
529`boolean`
530
531Details
532
533Per-tool enabled override for an app tool (for example `repos/list`).
534
535Key
536
537`background_terminal_max_timeout`
538
539Type / Values
540
541`number`
542
543Details
544
545Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.
546
547Key
548
549`chatgpt_base_url`
550
551Type / Values
552
553`string`
554
555Details
556
557Override the base URL used during the ChatGPT login flow.
558
559Key
560
561`check_for_update_on_startup`
562
563Type / Values
564
565`boolean`
566
567Details
568
569Check for Codex updates on startup (set to false only when updates are centrally managed).
570
571Key
572
573`cli_auth_credentials_store`
574
575Type / Values
576
577`file | keyring | auto`
578
579Details
580
581Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).
582
583Key
584
585`commit_attribution`
586
587Type / Values
588
589`string`
590
591Details
592
593Override the commit co-author trailer text. Set an empty string to disable automatic attribution.
594
595Key
596
597`compact_prompt`
598
599Type / Values
600
601`string`
602
603Details
604
605Inline override for the history compaction prompt.
606
607Key
608
609`default_permissions`
610
611Type / Values
612
613`string`
614
615Details
616
617Name of the default permissions profile to apply to sandboxed tool calls.
618
619Key
620
621`developer_instructions`
622
623Type / Values
624
625`string`
626
627Details
628
629Additional developer instructions injected into the session (optional).
630
631Key
632
633`disable_paste_burst`
634
635Type / Values
636
637`boolean`
638
639Details
640
641Disable burst-paste detection in the TUI.
642
643Key
644
645`experimental_compact_prompt_file`
646
647Type / Values
648
649`string (path)`
650
651Details
652
653Load the compaction prompt override from a file (experimental).
654
655Key
656
657`experimental_use_unified_exec_tool`
658
659Type / Values
660
661`boolean`
662
663Details
664
665Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.
666
667Key
668
669`features.apps`
670
671Type / Values
672
673`boolean`
674
675Details
676
677Enable ChatGPT Apps/connectors support (experimental).
678
679Key
680
681`features.codex_hooks`
682
683Type / Values
684
685`boolean`
686
687Details
688
689Enable lifecycle hooks loaded from `hooks.json` (under development; off by default).
690
691Key
692
693`features.enable_request_compression`
694
695Type / Values
696
697`boolean`
698
699Details
700
701Compress streaming request bodies with zstd when supported (stable; on by default).
702
703Key
704
705`features.fast_mode`
706
707Type / Values
708
709`boolean`
710
711Details
712
713Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).
714
715Key
716
717`features.guardian_approval`
718
719Type / Values
720
721`boolean`
722
723Details
724
725Route eligible approval requests through the guardian reviewer subagent (experimental; off by default). Use with `approvals_reviewer = "guardian_subagent"`.
726
727Key
728
729`features.memories`
730
731Type / Values
732
733`boolean`
734
735Details
736
737Enable [Memories](https://developers.openai.com/codex/memories) (off by default).
738
739Key
740
741`features.multi_agent`
742
743Type / Values
744
745`boolean`
746
747Details
748
749Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).
750
751Key
752
753`features.personality`
754
755Type / Values
756
757`boolean`
758
759Details
760
761Enable personality selection controls (stable; on by default).
762
763Key
764
765`features.prevent_idle_sleep`
766
767Type / Values
768
769`boolean`
770
771Details
772
773Prevent the machine from sleeping while a turn is actively running (experimental; off by default).
774
775Key
776
777`features.shell_snapshot`
778
779Type / Values
780
781`boolean`
782
783Details
784
785Snapshot shell environment to speed up repeated commands (stable; on by default).
786
787Key
788
789`features.shell_tool`
790
791Type / Values
792
793`boolean`
794
795Details
796
797Enable the default `shell` tool for running commands (stable; on by default).
798
799Key
800
801`features.skill_mcp_dependency_install`
802
803Type / Values
804
805`boolean`
806
807Details
808
809Allow prompting and installing missing MCP dependencies for skills (stable; on by default).
810
811Key
812
813`features.undo`
814
815Type / Values
816
817`boolean`
818
819Details
820
821Enable undo support (stable; off by default).
822
823Key
824
825`features.unified_exec`
826
827Type / Values
828
829`boolean`
830
831Details
832
833Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).
834
835Key
836
837`features.web_search`
838
839Type / Values
840
841`boolean`
842
843Details
844
845Deprecated legacy toggle; prefer the top-level `web_search` setting.
846
847Key
848
849`features.web_search_cached`
850
851Type / Values
852
853`boolean`
854
855Details
856
857Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.
858
859Key
860
861`features.web_search_request`
862
863Type / Values
864
865`boolean`
866
867Details
868
869Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.
870
871Key
872
873`feedback.enabled`
874
875Type / Values
876
877`boolean`
878
879Details
880
881Enable feedback submission via `/feedback` across Codex surfaces (default: true).
882
883Key
884
885`file_opener`
886
887Type / Values
888
889`vscode | vscode-insiders | windsurf | cursor | none`
890
891Details
892
893URI scheme used to open citations from Codex output (default: `vscode`).
894
895Key
896
897`forced_chatgpt_workspace_id`
898
899Type / Values
900
901`string (uuid)`
902
903Details
904
905Limit ChatGPT logins to a specific workspace identifier.
906
907Key
908
909`forced_login_method`
910
911Type / Values
912
913`chatgpt | api`
914
915Details
916
917Restrict Codex to a specific authentication method.
918
919Key
920
921`hide_agent_reasoning`
922
923Type / Values
924
925`boolean`
926
927Details
928
929Suppress reasoning events in both the TUI and `codex exec` output.
930
931Key
932
933`history.max_bytes`
934
935Type / Values
936
937`number`
938
939Details
940
941If set, caps the history file size in bytes by dropping oldest entries.
942
943Key
944
945`history.persistence`
946
947Type / Values
948
949`save-all | none`
950
951Details
952
953Control whether Codex saves session transcripts to history.jsonl.
954
955Key
956
957`instructions`
958
959Type / Values
960
961`string`
962
963Details
964
965Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.
966
967Key
968
969`log_dir`
970
971Type / Values
972
973`string (path)`
974
975Details
976
977Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.
978
979Key
980
981`mcp_oauth_callback_port`
982
983Type / Values
984
985`integer`
986
987Details
988
989Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.
990
991Key
992
993`mcp_oauth_callback_url`
994
995Type / Values
996
997`string`
998
999Details
1000
1001Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.
1002
1003Key
1004
1005`mcp_oauth_credentials_store`
1006
1007Type / Values
1008
1009`auto | file | keyring`
1010
1011Details
1012
1013Preferred store for MCP OAuth credentials.
1014
1015Key
1016
1017`mcp_servers.<id>.args`
1018
1019Type / Values
1020
1021`array<string>`
1022
1023Details
1024
1025Arguments passed to the MCP stdio server command.
1026
1027Key
1028
1029`mcp_servers.<id>.bearer_token_env_var`
1030
1031Type / Values
1032
1033`string`
1034
1035Details
1036
1037Environment variable sourcing the bearer token for an MCP HTTP server.
1038
1039Key
1040
1041`mcp_servers.<id>.command`
1042
1043Type / Values
1044
1045`string`
1046
1047Details
1048
1049Launcher command for an MCP stdio server.
1050
1051Key
1052
1053`mcp_servers.<id>.cwd`
1054
1055Type / Values
1056
1057`string`
1058
1059Details
1060
1061Working directory for the MCP stdio server process.
1062
1063Key
1064
1065`mcp_servers.<id>.disabled_tools`
1066
1067Type / Values
1068
1069`array<string>`
1070
1071Details
1072
1073Deny list applied after `enabled_tools` for the MCP server.
1074
1075Key
1076
1077`mcp_servers.<id>.enabled`
1078
1079Type / Values
1080
1081`boolean`
1082
1083Details
1084
1085Disable an MCP server without removing its configuration.
1086
1087Key
1088
1089`mcp_servers.<id>.enabled_tools`
1090
1091Type / Values
1092
1093`array<string>`
1094
1095Details
1096
1097Allow list of tool names exposed by the MCP server.
1098
1099Key
1100
1101`mcp_servers.<id>.env`
1102
1103Type / Values
1104
1105`map<string,string>`
1106
1107Details
1108
1109Environment variables forwarded to the MCP stdio server.
1110
1111Key
1112
1113`mcp_servers.<id>.env_http_headers`
1114
1115Type / Values
1116
1117`map<string,string>`
1118
1119Details
1120
1121HTTP headers populated from environment variables for an MCP HTTP server.
1122
1123Key
1124
1125`mcp_servers.<id>.env_vars`
1126
1127Type / Values
1128
1129`array<string>`
1130
1131Details
1132
1133Additional environment variables to whitelist for an MCP stdio server.
1134
1135Key
1136
1137`mcp_servers.<id>.http_headers`
1138
1139Type / Values
1140
1141`map<string,string>`
1142
1143Details
1144
1145Static HTTP headers included with each MCP HTTP request.
1146
1147Key
1148
1149`mcp_servers.<id>.oauth_resource`
1150
1151Type / Values
1152
1153`string`
1154
1155Details
1156
1157Optional RFC 8707 OAuth resource parameter to include during MCP login.
1158
1159Key
1160
1161`mcp_servers.<id>.required`
1162
1163Type / Values
1164
1165`boolean`
1166
1167Details
1168
1169When true, fail startup/resume if this enabled MCP server cannot initialize.
1170
1171Key
1172
1173`mcp_servers.<id>.scopes`
1174
1175Type / Values
1176
1177`array<string>`
1178
1179Details
1180
1181OAuth scopes to request when authenticating to that MCP server.
1182
1183Key
1184
1185`mcp_servers.<id>.startup_timeout_ms`
1186
1187Type / Values
1188
1189`number`
1190
1191Details
1192
1193Alias for `startup_timeout_sec` in milliseconds.
1194
1195Key
1196
1197`mcp_servers.<id>.startup_timeout_sec`
1198
1199Type / Values
1200
1201`number`
1202
1203Details
1204
1205Override the default 10s startup timeout for an MCP server.
1206
1207Key
1208
1209`mcp_servers.<id>.tool_timeout_sec`
1210
1211Type / Values
1212
1213`number`
1214
1215Details
1216
1217Override the default 60s per-tool timeout for an MCP server.
1218
1219Key
1220
1221`mcp_servers.<id>.url`
1222
1223Type / Values
1224
1225`string`
1226
1227Details
1228
1229Endpoint for an MCP streamable HTTP server.
1230
1231Key
1232
1233`memories.consolidation_model`
1234
1235Type / Values
1236
1237`string`
1238
1239Details
1240
1241Optional model override for global memory consolidation.
1242
1243Key
1244
1245`memories.extract_model`
1246
1247Type / Values
1248
1249`string`
1250
1251Details
1252
1253Optional model override for per-thread memory extraction.
1254
1255Key
1256
1257`memories.generate_memories`
1258
1259Type / Values
1260
1261`boolean`
1262
1263Details
1264
1265When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.
1266
1267Key
1268
1269`memories.max_raw_memories_for_consolidation`
1270
1271Type / Values
1272
1273`number`
1274
1275Details
1276
1277Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.
1278
1279Key
1280
1281`memories.max_rollout_age_days`
1282
1283Type / Values
1284
1285`number`
1286
1287Details
1288
1289Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.
1290
1291Key
1292
1293`memories.max_rollouts_per_startup`
1294
1295Type / Values
1296
1297`number`
1298
1299Details
1300
1301Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.
1302
1303Key
1304
1305`memories.max_unused_days`
1306
1307Type / Values
1308
1309`number`
1310
1311Details
1312
1313Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.
1314
1315Key
1316
1317`memories.min_rollout_idle_hours`
1318
1319Type / Values
1320
1321`number`
1322
1323Details
1324
1325Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.
1326
1327Key
1328
1329`memories.no_memories_if_mcp_or_web_search`
1330
1331Type / Values
1332
1333`boolean`
1334
1335Details
1336
1337When `true`, threads that use MCP tool calls or web search are kept out of memory generation. Defaults to `false`.
1338
1339Key
1340
1341`memories.use_memories`
1342
1343Type / Values
1344
1345`boolean`
1346
1347Details
1348
1349When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.
1350
1351Key
1352
1353`model`
1354
1355Type / Values
1356
1357`string`
1358
1359Details
1360
1361Model to use (e.g., `gpt-5.4`).
1362
1363Key
1364
1365`model_auto_compact_token_limit`
1366
1367Type / Values
1368
1369`number`
1370
1371Details
1372
1373Token threshold that triggers automatic history compaction (unset uses model defaults).
1374
1375Key
1376
1377`model_catalog_json`
1378
1379Type / Values
1380
1381`string (path)`
1382
1383Details
1384
1385Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.
1386
1387Key
1388
1389`model_context_window`
1390
1391Type / Values
1392
1393`number`
1394
1395Details
1396
1397Context window tokens available to the active model.
1398
1399Key
1400
1401`model_instructions_file`
1402
1403Type / Values
1404
1405`string (path)`
1406
1407Details
1408
1409Replacement for built-in instructions instead of `AGENTS.md`.
1410
1411Key
1412
1413`model_provider`
1414
1415Type / Values
1416
1417`string`
1418
1419Details
1420
1421Provider id from `model_providers` (default: `openai`).
1422
1423Key
1424
1425`model_providers.<id>`
1426
1427Type / Values
1428
1429`table`
1430
1431Details
1432
1433Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.
1434
1435Key
1436
1437`model_providers.<id>.auth`
1438
1439Type / Values
1440
1441`table`
1442
1443Details
1444
1445Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.
1446
1447Key
1448
1449`model_providers.<id>.auth.args`
1450
1451Type / Values
1452
1453`array<string>`
1454
1455Details
1456
1457Arguments passed to the token command.
1458
1459Key
1460
1461`model_providers.<id>.auth.command`
1462
1463Type / Values
1464
1465`string`
1466
1467Details
1468
1469Command to run when Codex needs a bearer token. The command must print the token to stdout.
1470
1471Key
1472
1473`model_providers.<id>.auth.cwd`
1474
1475Type / Values
1476
1477`string (path)`
1478
1479Details
1480
1481Working directory for the token command.
1482
1483Key
1484
1485`model_providers.<id>.auth.refresh_interval_ms`
1486
1487Type / Values
1488
1489`number`
1490
1491Details
1492
1493How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.
1494
1495Key
1496
1497`model_providers.<id>.auth.timeout_ms`
1498
1499Type / Values
1500
1501`number`
1502
1503Details
1504
1505Maximum token command runtime in milliseconds (default: 5000).
1506
1507Key
1508
1509`model_providers.<id>.base_url`
1510
1511Type / Values
1512
1513`string`
1514
1515Details
1516
1517API base URL for the model provider.
1518
1519Key
1520
1521`model_providers.<id>.env_http_headers`
1522
1523Type / Values
1524
1525`map<string,string>`
1526
1527Details
1528
1529HTTP headers populated from environment variables when present.
1530
1531Key
1532
1533`model_providers.<id>.env_key`
1534
1535Type / Values
1536
1537`string`
1538
1539Details
1540
1541Environment variable supplying the provider API key.
1542
1543Key
1544
1545`model_providers.<id>.env_key_instructions`
1546
1547Type / Values
1548
1549`string`
1550
1551Details
1552
1553Optional setup guidance for the provider API key.
1554
1555Key
1556
1557`model_providers.<id>.experimental_bearer_token`
1558
1559Type / Values
1560
1561`string`
1562
1563Details
1564
1565Direct bearer token for the provider (discouraged; use `env_key`).
1566
1567Key
1568
1569`model_providers.<id>.http_headers`
1570
1571Type / Values
1572
1573`map<string,string>`
1574
1575Details
1576
1577Static HTTP headers added to provider requests.
1578
1579Key
1580
1581`model_providers.<id>.name`
1582
1583Type / Values
1584
1585`string`
1586
1587Details
1588
1589Display name for a custom model provider.
1590
1591Key
1592
1593`model_providers.<id>.query_params`
1594
1595Type / Values
1596
1597`map<string,string>`
1598
1599Details
1600
1601Extra query parameters appended to provider requests.
1602
1603Key
1604
1605`model_providers.<id>.request_max_retries`
1606
1607Type / Values
1608
1609`number`
1610
1611Details
1612
1613Retry count for HTTP requests to the provider (default: 4).
1614
1615Key
1616
1617`model_providers.<id>.requires_openai_auth`
1618
1619Type / Values
1620
1621`boolean`
1622
1623Details
1624
1625The provider uses OpenAI authentication (defaults to false).
1626
1627Key
1628
1629`model_providers.<id>.stream_idle_timeout_ms`
1630
1631Type / Values
1632
1633`number`
1634
1635Details
1636
1637Idle timeout for SSE streams in milliseconds (default: 300000).
1638
1639Key
1640
1641`model_providers.<id>.stream_max_retries`
1642
1643Type / Values
1644
1645`number`
1646
1647Details
1648
1649Retry count for SSE streaming interruptions (default: 5).
1650
1651Key
1652
1653`model_providers.<id>.supports_websockets`
1654
1655Type / Values
1656
1657`boolean`
1658
1659Details
1660
1661Whether that provider supports the Responses API WebSocket transport.
1662
1663Key
1664
1665`model_providers.<id>.wire_api`
1666
1667Type / Values
1668
1669`responses`
1670
1671Details
1672
1673Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.
1674
1675Key
1676
1677`model_reasoning_effort`
1678
1679Type / Values
1680
1681`minimal | low | medium | high | xhigh`
1682
1683Details
1684
1685Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).
1686
1687Key
1688
1689`model_reasoning_summary`
1690
1691Type / Values
1692
1693`auto | concise | detailed | none`
1694
1695Details
1696
1697Select reasoning summary detail or disable summaries entirely.
1698
1699Key
1700
1701`model_supports_reasoning_summaries`
1702
1703Type / Values
1704
1705`boolean`
1706
1707Details
1708
1709Force Codex to send or not send reasoning metadata.
1710
1711Key
1712
1713`model_verbosity`
1714
1715Type / Values
1716
1717`low | medium | high`
1718
1719Details
1720
1721Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.
1722
1723Key
1724
1725`notice.hide_full_access_warning`
1726
1727Type / Values
1728
1729`boolean`
1730
1731Details
1732
1733Track acknowledgement of the full access warning prompt.
1734
1735Key
1736
1737`notice.hide_gpt-5.1-codex-max_migration_prompt`
1738
1739Type / Values
1740
1741`boolean`
1742
1743Details
1744
1745Track acknowledgement of the gpt-5.1-codex-max migration prompt.
1746
1747Key
1748
1749`notice.hide_gpt5_1_migration_prompt`
1750
1751Type / Values
1752
1753`boolean`
1754
1755Details
1756
1757Track acknowledgement of the GPT-5.1 migration prompt.
1758
1759Key
1760
1761`notice.hide_rate_limit_model_nudge`
1762
1763Type / Values
1764
1765`boolean`
1766
1767Details
1768
1769Track opt-out of the rate limit model switch reminder.
1770
1771Key
1772
1773`notice.hide_world_writable_warning`
1774
1775Type / Values
1776
1777`boolean`
1778
1779Details
1780
1781Track acknowledgement of the Windows world-writable directories warning.
1782
1783Key
1784
1785`notice.model_migrations`
1786
1787Type / Values
1788
1789`map<string,string>`
1790
1791Details
1792
1793Track acknowledged model migrations as old->new mappings.
1794
1795Key
1796
1797`notify`
1798
1799Type / Values
1800
1801`array<string>`
1802
1803Details
1804
1805Command invoked for notifications; receives a JSON payload from Codex.
1806
1807Key
1808
1809`openai_base_url`
1810
1811Type / Values
1812
1813`string`
1814
1815Details
1816
1817Base URL override for the built-in `openai` model provider.
1818
1819Key
1820
1821`oss_provider`
1822
1823Type / Values
1824
1825`lmstudio | ollama`
1826
1827Details
1828
1829Default local provider used when running with `--oss` (defaults to prompting if unset).
1830
1831Key
1832
1833`otel.environment`
1834
1835Type / Values
1836
1837`string`
1838
1839Details
1840
1841Environment tag applied to emitted OpenTelemetry events (default: `dev`).
1842
1843Key
1844
1845`otel.exporter`
1846
1847Type / Values
1848
1849`none | otlp-http | otlp-grpc`
1850
1851Details
1852
1853Select the OpenTelemetry exporter and provide any endpoint metadata.
1854
1855Key
1856
1857`otel.exporter.<id>.endpoint`
1858
1859Type / Values
1860
1861`string`
1862
1863Details
1864
1865Exporter endpoint for OTEL logs.
1866
1867Key
1868
1869`otel.exporter.<id>.headers`
1870
1871Type / Values
1872
1873`map<string,string>`
1874
1875Details
1876
1877Static headers included with OTEL exporter requests.
1878
1879Key
1880
1881`otel.exporter.<id>.protocol`
1882
1883Type / Values
1884
1885`binary | json`
1886
1887Details
1888
1889Protocol used by the OTLP/HTTP exporter.
1890
1891Key
1892
1893`otel.exporter.<id>.tls.ca-certificate`
1894
1895Type / Values
1896
1897`string`
1898
1899Details
1900
1901CA certificate path for OTEL exporter TLS.
1902
1903Key
1904
1905`otel.exporter.<id>.tls.client-certificate`
1906
1907Type / Values
1908
1909`string`
1910
1911Details
1912
1913Client certificate path for OTEL exporter TLS.
1914
1915Key
1916
1917`otel.exporter.<id>.tls.client-private-key`
1918
1919Type / Values
1920
1921`string`
1922
1923Details
1924
1925Client private key path for OTEL exporter TLS.
1926
1927Key
1928
1929`otel.log_user_prompt`
1930
1931Type / Values
1932
1933`boolean`
1934
1935Details
1936
1937Opt in to exporting raw user prompts with OpenTelemetry logs.
1938
1939Key
1940
1941`otel.metrics_exporter`
1942
1943Type / Values
1944
1945`none | statsig | otlp-http | otlp-grpc`
1946
1947Details
1948
1949Select the OpenTelemetry metrics exporter (defaults to `statsig`).
1950
1951Key
1952
1953`otel.trace_exporter`
1954
1955Type / Values
1956
1957`none | otlp-http | otlp-grpc`
1958
1959Details
1960
1961Select the OpenTelemetry trace exporter and provide any endpoint metadata.
1962
1963Key
1964
1965`otel.trace_exporter.<id>.endpoint`
1966
1967Type / Values
1968
1969`string`
1970
1971Details
1972
1973Trace exporter endpoint for OTEL logs.
1974
1975Key
1976
1977`otel.trace_exporter.<id>.headers`
1978
1979Type / Values
1980
1981`map<string,string>`
1982
1983Details
1984
1985Static headers included with OTEL trace exporter requests.
1986
1987Key
1988
1989`otel.trace_exporter.<id>.protocol`
1990
1991Type / Values
1992
1993`binary | json`
1994
1995Details
1996
1997Protocol used by the OTLP/HTTP trace exporter.
1998
1999Key
2000
2001`otel.trace_exporter.<id>.tls.ca-certificate`
2002
2003Type / Values
2004
2005`string`
2006
2007Details
2008
2009CA certificate path for OTEL trace exporter TLS.
2010
2011Key
2012
2013`otel.trace_exporter.<id>.tls.client-certificate`
2014
2015Type / Values
2016
2017`string`
2018
2019Details
2020
2021Client certificate path for OTEL trace exporter TLS.
2022
2023Key
2024
2025`otel.trace_exporter.<id>.tls.client-private-key`
2026
2027Type / Values
2028
2029`string`
2030
2031Details
2032
2033Client private key path for OTEL trace exporter TLS.
2034
2035Key
2036
2037`permissions.<name>.filesystem`
2038
2039Type / Values
2040
2041`table`
2042
2043Details
2044
2045Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.
2046
2047Key
2048
2049`permissions.<name>.filesystem.":project_roots".<subpath>`
2050
2051Type / Values
2052
2053`"read" | "write" | "none"`
2054
2055Details
2056
2057Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself.
2058
2059Key
2060
2061`permissions.<name>.filesystem.<path>`
2062
2063Type / Values
2064
2065`"read" | "write" | "none" | table`
2066
2067Details
2068
2069Grant direct access for a path or special token, or scope nested entries under that root.
2070
2071Key
2072
2073`permissions.<name>.network.allow_local_binding`
2074
2075Type / Values
2076
2077`boolean`
2078
2079Details
2080
2081Permit local bind/listen operations through the managed proxy.
2082
2083Key
2084
2085`permissions.<name>.network.allow_upstream_proxy`
2086
2087Type / Values
2088
2089`boolean`
2090
2091Details
2092
2093Allow the managed proxy to chain to another upstream proxy.
2094
2095Key
2096
2097`permissions.<name>.network.dangerously_allow_all_unix_sockets`
2098
2099Type / Values
2100
2101`boolean`
2102
2103Details
2104
2105Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.
2106
2107Key
2108
2109`permissions.<name>.network.dangerously_allow_non_loopback_proxy`
2110
2111Type / Values
2112
2113`boolean`
2114
2115Details
2116
2117Permit non-loopback bind addresses for the managed proxy listener.
2118
2119Key
2120
2121`permissions.<name>.network.domains`
2122
2123Type / Values
2124
2125`map<string, allow | deny>`
2126
2127Details
2128
2129Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.
2130
2131Key
2132
2133`permissions.<name>.network.enable_socks5`
2134
2135Type / Values
2136
2137`boolean`
2138
2139Details
2140
2141Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.
2142
2143Key
2144
2145`permissions.<name>.network.enable_socks5_udp`
2146
2147Type / Values
2148
2149`boolean`
2150
2151Details
2152
2153Allow UDP over the SOCKS5 listener when enabled.
2154
2155Key
2156
2157`permissions.<name>.network.enabled`
2158
2159Type / Values
2160
2161`boolean`
2162
2163Details
2164
2165Enable network access for this named permissions profile.
2166
2167Key
2168
2169`permissions.<name>.network.mode`
2170
2171Type / Values
2172
2173`limited | full`
2174
2175Details
2176
2177Network proxy mode used for subprocess traffic.
2178
2179Key
2180
2181`permissions.<name>.network.proxy_url`
2182
2183Type / Values
2184
2185`string`
2186
2187Details
2188
2189HTTP proxy endpoint used when this permissions profile enables the managed network proxy.
2190
2191Key
2192
2193`permissions.<name>.network.socks_url`
2194
2195Type / Values
2196
2197`string`
2198
2199Details
2200
2201SOCKS5 proxy endpoint used by this permissions profile.
2202
2203Key
2204
2205`permissions.<name>.network.unix_sockets`
2206
2207Type / Values
2208
2209`map<string, allow | none>`
2210
2211Details
2212
2213Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.
2214
2215Key
2216
2217`personality`
2218
2219Type / Values
2220
2221`none | friendly | pragmatic`
2222
2223Details
2224
2225Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.
2226
2227Key
2228
2229`plan_mode_reasoning_effort`
2230
2231Type / Values
2232
2233`none | minimal | low | medium | high | xhigh`
2234
2235Details
2236
2237Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.
2238
2239Key
2240
2241`profile`
2242
2243Type / Values
2244
2245`string`
2246
2247Details
2248
2249Default profile applied at startup (equivalent to `--profile`).
2250
2251Key
2252
2253`profiles.<name>.*`
2254
2255Type / Values
2256
2257`various`
2258
2259Details
2260
2261Profile-scoped overrides for any of the supported configuration keys.
2262
2263Key
2264
2265`profiles.<name>.analytics.enabled`
2266
2267Type / Values
2268
2269`boolean`
2270
2271Details
2272
2273Profile-scoped analytics enablement override.
2274
2275Key
2276
2277`profiles.<name>.experimental_use_unified_exec_tool`
2278
2279Type / Values
2280
2281`boolean`
2282
2283Details
2284
2285Legacy name for enabling unified exec; prefer `[features].unified_exec`.
2286
2287Key
2288
2289`profiles.<name>.model_catalog_json`
2290
2291Type / Values
2292
2293`string (path)`
2294
2295Details
2296
2297Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).
2298
2299Key
2300
2301`profiles.<name>.model_instructions_file`
2302
2303Type / Values
2304
2305`string (path)`
2306
2307Details
2308
2309Profile-scoped replacement for the built-in instruction file.
2310
2311Key
2312
2313`profiles.<name>.oss_provider`
2314
2315Type / Values
2316
2317`lmstudio | ollama`
2318
2319Details
2320
2321Profile-scoped OSS provider for `--oss` sessions.
2322
2323Key
2324
2325`profiles.<name>.personality`
2326
2327Type / Values
2328
2329`none | friendly | pragmatic`
2330
2331Details
2332
2333Profile-scoped communication style override for supported models.
2334
2335Key
2336
2337`profiles.<name>.plan_mode_reasoning_effort`
2338
2339Type / Values
2340
2341`none | minimal | low | medium | high | xhigh`
2342
2343Details
2344
2345Profile-scoped Plan-mode reasoning override.
2346
2347Key
2348
2349`profiles.<name>.service_tier`
2350
2351Type / Values
2352
2353`flex | fast`
2354
2355Details
2356
2357Profile-scoped service tier preference for new turns.
2358
2359Key
2360
2361`profiles.<name>.tools_view_image`
2362
2363Type / Values
2364
2365`boolean`
2366
2367Details
2368
2369Enable or disable the `view_image` tool in that profile.
2370
2371Key
2372
2373`profiles.<name>.web_search`
2374
2375Type / Values
2376
2377`disabled | cached | live`
2378
2379Details
2380
2381Profile-scoped web search mode override (default: `"cached"`).
2382
2383Key
2384
2385`profiles.<name>.windows.sandbox`
2386
2387Type / Values
2388
2389`unelevated | elevated`
2390
2391Details
2392
2393Profile-scoped Windows sandbox mode override.
2394
2395Key
2396
2397`project_doc_fallback_filenames`
2398
2399Type / Values
2400
2401`array<string>`
2402
2403Details
2404
2405Additional filenames to try when `AGENTS.md` is missing.
2406
2407Key
2408
2409`project_doc_max_bytes`
2410
2411Type / Values
2412
2413`number`
2414
2415Details
2416
2417Maximum bytes read from `AGENTS.md` when building project instructions.
2418
2419Key
2420
2421`project_root_markers`
2422
2423Type / Values
2424
2425`array<string>`
2426
2427Details
2428
2429List of project root marker filenames; used when searching parent directories for the project root.
2430
2431Key
2432
2433`projects.<path>.trust_level`
2434
2435Type / Values
2436
2437`string`
2438
2439Details
2440
2441Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.
2442
2443Key
2444
2445`review_model`
2446
2447Type / Values
2448
2449`string`
2450
2451Details
2452
2453Optional model override used by `/review` (defaults to the current session model).
2454
2455Key
2456
2457`sandbox_mode`
2458
2459Type / Values
2460
2461`read-only | workspace-write | danger-full-access`
2462
2463Details
2464
2465Sandbox policy for filesystem and network access during command execution.
2466
2467Key
2468
2469`sandbox_workspace_write.exclude_slash_tmp`
2470
2471Type / Values
2472
2473`boolean`
2474
2475Details
2476
2477Exclude `/tmp` from writable roots in workspace-write mode.
2478
2479Key
2480
2481`sandbox_workspace_write.exclude_tmpdir_env_var`
2482
2483Type / Values
2484
2485`boolean`
2486
2487Details
2488
2489Exclude `$TMPDIR` from writable roots in workspace-write mode.
2490
2491Key
2492
2493`sandbox_workspace_write.network_access`
2494
2495Type / Values
2496
2497`boolean`
2498
2499Details
2500
2501Allow outbound network access inside the workspace-write sandbox.
2502
2503Key
2504
2505`sandbox_workspace_write.writable_roots`
2506
2507Type / Values
2508
2509`array<string>`
2510
2511Details
2512
2513Additional writable roots when `sandbox_mode = "workspace-write"`.
2514
2515Key
2516
2517`service_tier`
2518
2519Type / Values
2520
2521`flex | fast`
2522
2523Details
2524
2525Preferred service tier for new turns.
2526
2527Key
2528
2529`shell_environment_policy.exclude`
2530
2531Type / Values
2532
2533`array<string>`
2534
2535Details
2536
2537Glob patterns for removing environment variables after the defaults.
2538
2539Key
2540
2541`shell_environment_policy.experimental_use_profile`
2542
2543Type / Values
2544
2545`boolean`
2546
2547Details
2548
2549Use the user shell profile when spawning subprocesses.
2550
2551Key
2552
2553`shell_environment_policy.ignore_default_excludes`
2554
2555Type / Values
2556
2557`boolean`
2558
2559Details
2560
2561Keep variables containing KEY/SECRET/TOKEN before other filters run.
2562
2563Key
2564
2565`shell_environment_policy.include_only`
2566
2567Type / Values
2568
2569`array<string>`
2570
2571Details
2572
2573Whitelist of patterns; when set only matching variables are kept.
2574
2575Key
2576
2577`shell_environment_policy.inherit`
2578
2579Type / Values
2580 15
258116`all | core | none`For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).
2582
2583Details
2584
2585Baseline environment inheritance when spawning subprocesses.
2586
2587Key
2588
2589`shell_environment_policy.set`
2590
2591Type / Values
2592
2593`map<string,string>`
2594
2595Details
2596
2597Explicit environment overrides injected into every subprocess.
2598
2599Key
2600
2601`show_raw_agent_reasoning`
2602
2603Type / Values
2604
2605`boolean`
2606
2607Details
2608
2609Surface raw reasoning content when the active model emits it.
2610
2611Key
2612
2613`skills.config`
2614
2615Type / Values
2616
2617`array<object>`
2618
2619Details
2620
2621Per-skill enablement overrides stored in config.toml.
2622
2623Key
2624
2625`skills.config.<index>.enabled`
2626
2627Type / Values
2628
2629`boolean`
2630
2631Details
2632
2633Enable or disable the referenced skill.
2634
2635Key
2636
2637`skills.config.<index>.path`
2638
2639Type / Values
2640
2641`string (path)`
2642
2643Details
2644
2645Path to a skill folder containing `SKILL.md`.
2646
2647Key
2648
2649`sqlite_home`
2650
2651Type / Values
2652
2653`string (path)`
2654
2655Details
2656
2657Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.
2658
2659Key
2660
2661`suppress_unstable_features_warning`
2662
2663Type / Values
2664
2665`boolean`
2666
2667Details
2668
2669Suppress the warning that appears when under-development feature flags are enabled.
2670
2671Key
2672
2673`tool_output_token_limit`
2674
2675Type / Values
2676
2677`number`
2678
2679Details
2680
2681Token budget for storing individual tool/function outputs in history.
2682
2683Key
2684
2685`tool_suggest.discoverables`
2686
2687Type / Values
2688
2689`array<table>`
2690
2691Details
2692
2693Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.
2694
2695Key
2696
2697`tools.view_image`
2698
2699Type / Values
2700
2701`boolean`
2702
2703Details
2704
2705Enable the local-image attachment tool `view_image`.
2706
2707Key
2708
2709`tools.web_search`
2710
2711Type / Values
2712
2713`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`
2714
2715Details
2716
2717Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.
2718
2719Key
2720
2721`tui`
2722
2723Type / Values
2724
2725`table`
2726
2727Details
2728
2729TUI-specific options such as enabling inline desktop notifications.
2730
2731Key
2732
2733`tui.alternate_screen`
2734
2735Type / Values
2736
2737`auto | always | never`
2738
2739Details
2740
2741Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).
2742
2743Key
2744
2745`tui.animations`
2746
2747Type / Values
2748
2749`boolean`
2750
2751Details
2752
2753Enable terminal animations (welcome screen, shimmer, spinner) (default: true).
2754
2755Key
2756
2757`tui.model_availability_nux.<model>`
2758
2759Type / Values
2760
2761`integer`
2762
2763Details
2764
2765Internal startup-tooltip state keyed by model slug.
2766
2767Key
2768
2769`tui.notification_method`
2770
2771Type / Values
2772
2773`auto | osc9 | bel`
2774
2775Details
2776
2777Notification method for unfocused terminal notifications (default: auto).
2778
2779Key
2780
2781`tui.notifications`
2782
2783Type / Values
2784
2785`boolean | array<string>`
2786
2787Details
2788
2789Enable TUI notifications; optionally restrict to specific event types.
2790
2791Key
2792
2793`tui.show_tooltips`
2794
2795Type / Values
2796
2797`boolean`
2798
2799Details
2800
2801Show onboarding tooltips in the TUI welcome screen (default: true).
2802
2803Key
2804
2805`tui.status_line`
2806
2807Type / Values
2808
2809`array<string> | null`
2810
2811Details
2812
2813Ordered list of TUI footer status-line item identifiers. `null` disables the status line.
2814
2815Key
2816
2817`tui.terminal_title`
2818
2819Type / Values
2820
2821`array<string> | null`
2822
2823Details
2824
2825Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.
2826
2827Key
2828
2829`tui.theme`
2830
2831Type / Values
2832
2833`string`
2834
2835Details
2836
2837Syntax-highlighting theme override (kebab-case theme name).
2838
2839Key
2840
2841`web_search`
2842
2843Type / Values
2844
2845`disabled | cached | live`
2846
2847Details
2848
2849Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.
2850
2851Key
2852
2853`windows_wsl_setup_acknowledged`
2854
2855Type / Values
2856
2857`boolean`
2858
2859Details
2860
2861Track Windows onboarding acknowledgement (Windows only).
2862
2863Key
2864
2865`windows.sandbox`
2866
2867Type / Values
2868
2869`unelevated | elevated`
2870
2871Details
2872
2873Windows-only native sandbox mode when running Codex natively on Windows.
2874
2875Key
2876
2877`windows.sandbox_private_desktop`
2878
2879Type / Values
2880
2881`boolean`
2882
2883Details
2884
2885Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.
2886 17
288718Expand to view all<ConfigTable
19 options={[
20 {
21 key: "model",
22 type: "string",
23 description: "Model to use (e.g., `gpt-5.5`).",
24 },
25 {
26 key: "review_model",
27 type: "string",
28 description:
29 "Optional model override used by `/review` (defaults to the current session model).",
30 },
31 {
32 key: "model_provider",
33 type: "string",
34 description: "Provider id from `model_providers` (default: `openai`).",
35 },
36 {
37 key: "openai_base_url",
38 type: "string",
39 description:
40 "Base URL override for the built-in `openai` model provider.",
41 },
42 {
43 key: "model_context_window",
44 type: "number",
45 description: "Context window tokens available to the active model.",
46 },
47 {
48 key: "model_auto_compact_token_limit",
49 type: "number",
50 description:
51 "Token threshold that triggers automatic history compaction (unset uses model defaults).",
52 },
53 {
54 key: "model_catalog_json",
55 type: "string (path)",
56 description:
57 "Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.",
58 },
59 {
60 key: "oss_provider",
61 type: "lmstudio | ollama",
62 description:
63 "Default local provider used when running with `--oss` (defaults to prompting if unset).",
64 },
65 {
66 key: "approval_policy",
67 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",
68 description:
69 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",
70 },
71 {
72 key: "approval_policy.granular.sandbox_approval",
73 type: "boolean",
74 description:
75 "When `true`, sandbox escalation approval prompts are allowed to surface.",
76 },
77 {
78 key: "approval_policy.granular.rules",
79 type: "boolean",
80 description:
81 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",
82 },
83 {
84 key: "approval_policy.granular.mcp_elicitations",
85 type: "boolean",
86 description:
87 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",
88 },
89 {
90 key: "approval_policy.granular.request_permissions",
91 type: "boolean",
92 description:
93 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",
94 },
95 {
96 key: "approval_policy.granular.skill_approval",
97 type: "boolean",
98 description:
99 "When `true`, skill-script approval prompts are allowed to surface.",
100 },
101 {
102 key: "approvals_reviewer",
103 type: "user | auto_review",
104 description:
105 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",
106 },
107 {
108 key: "auto_review.policy",
109 type: "string",
110 description:
111 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",
112 },
113 {
114 key: "allow_login_shell",
115 type: "boolean",
116 description:
117 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",
118 },
119 {
120 key: "sandbox_mode",
121 type: "read-only | workspace-write | danger-full-access",
122 description:
123 "Sandbox policy for filesystem and network access during command execution.",
124 },
125 {
126 key: "sandbox_workspace_write.writable_roots",
127 type: "array<string>",
128 description:
129 'Additional writable roots when `sandbox_mode = "workspace-write"`.',
130 },
131 {
132 key: "sandbox_workspace_write.network_access",
133 type: "boolean",
134 description:
135 "Allow outbound network access inside the workspace-write sandbox.",
136 },
137 {
138 key: "sandbox_workspace_write.exclude_tmpdir_env_var",
139 type: "boolean",
140 description:
141 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",
142 },
143 {
144 key: "sandbox_workspace_write.exclude_slash_tmp",
145 type: "boolean",
146 description:
147 "Exclude `/tmp` from writable roots in workspace-write mode.",
148 },
149 {
150 key: "windows.sandbox",
151 type: "unelevated | elevated",
152 description:
153 "Windows-only native sandbox mode when running Codex natively on Windows.",
154 },
155 {
156 key: "windows.sandbox_private_desktop",
157 type: "boolean",
158 description:
159 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",
160 },
161 {
162 key: "notify",
163 type: "array<string>",
164 description:
165 "Command invoked for notifications; receives a JSON payload from Codex.",
166 },
167 {
168 key: "check_for_update_on_startup",
169 type: "boolean",
170 description:
171 "Check for Codex updates on startup (set to false only when updates are centrally managed).",
172 },
173 {
174 key: "feedback.enabled",
175 type: "boolean",
176 description:
177 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",
178 },
179 {
180 key: "analytics.enabled",
181 type: "boolean",
182 description:
183 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",
184 },
185 {
186 key: "instructions",
187 type: "string",
188 description:
189 "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.",
190 },
191 {
192 key: "developer_instructions",
193 type: "string",
194 description:
195 "Additional developer instructions injected into the session (optional).",
196 },
197 {
198 key: "log_dir",
199 type: "string (path)",
200 description:
201 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",
202 },
203 {
204 key: "sqlite_home",
205 type: "string (path)",
206 description:
207 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",
208 },
209 {
210 key: "compact_prompt",
211 type: "string",
212 description: "Inline override for the history compaction prompt.",
213 },
214 {
215 key: "commit_attribution",
216 type: "string",
217 description:
218 'Commit co-author trailer used when `[features].codex_git_commit` is enabled. Defaults to `Codex <noreply@openai.com>`; set `""` to disable.',
219 },
220 {
221 key: "model_instructions_file",
222 type: "string (path)",
223 description:
224 "Replacement for built-in instructions instead of `AGENTS.md`.",
225 },
226 {
227 key: "personality",
228 type: "none | friendly | pragmatic",
229 description:
230 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",
231 },
232 {
233 key: "service_tier",
234 type: "string",
235 description:
236 "Preferred service tier for new turns. Built-in values include `flex` and `fast`; legacy `fast` config maps to the request value `priority`, and catalog-provided tier IDs can also be stored.",
237 },
238 {
239 key: "experimental_compact_prompt_file",
240 type: "string (path)",
241 description:
242 "Load the compaction prompt override from a file (experimental).",
243 },
244 {
245 key: "skills.config",
246 type: "array<object>",
247 description: "Per-skill enablement overrides stored in config.toml.",
248 },
249 {
250 key: "skills.config.<index>.path",
251 type: "string (path)",
252 description: "Path to a skill folder containing `SKILL.md`.",
253 },
254 {
255 key: "skills.config.<index>.enabled",
256 type: "boolean",
257 description: "Enable or disable the referenced skill.",
258 },
259 {
260 key: "apps.<id>.enabled",
261 type: "boolean",
262 description:
263 "Enable or disable a specific app/connector by id (default: true).",
264 },
265 {
266 key: "apps._default.enabled",
267 type: "boolean",
268 description:
269 "Default app enabled state for all apps unless overridden per app.",
270 },
271 {
272 key: "apps._default.destructive_enabled",
273 type: "boolean",
274 description:
275 "Default allow/deny for app tools with `destructive_hint = true`.",
276 },
277 {
278 key: "apps._default.open_world_enabled",
279 type: "boolean",
280 description:
281 "Default allow/deny for app tools with `open_world_hint = true`.",
282 },
283 {
284 key: "apps.<id>.destructive_enabled",
285 type: "boolean",
286 description:
287 "Allow or block tools in this app that advertise `destructive_hint = true`.",
288 },
289 {
290 key: "apps.<id>.open_world_enabled",
291 type: "boolean",
292 description:
293 "Allow or block tools in this app that advertise `open_world_hint = true`.",
294 },
295 {
296 key: "apps.<id>.default_tools_enabled",
297 type: "boolean",
298 description:
299 "Default enabled state for tools in this app unless a per-tool override exists.",
300 },
301 {
302 key: "apps.<id>.default_tools_approval_mode",
303 type: "auto | prompt | approve",
304 description:
305 "Default approval behavior for tools in this app unless a per-tool override exists.",
306 },
307 {
308 key: "apps.<id>.tools.<tool>.enabled",
309 type: "boolean",
310 description:
311 "Per-tool enabled override for an app tool (for example `repos/list`).",
312 },
313 {
314 key: "apps.<id>.tools.<tool>.approval_mode",
315 type: "auto | prompt | approve",
316 description: "Per-tool approval behavior override for a single app tool.",
317 },
318 {
319 key: "tool_suggest.discoverables",
320 type: "array<table>",
321 description:
322 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',
323 },
324 {
325 key: "tool_suggest.disabled_tools",
326 type: "array<table>",
327 description:
328 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',
329 },
330 {
331 key: "features.apps",
332 type: "boolean",
333 description: "Enable ChatGPT Apps/connectors support (experimental).",
334 },
335 {
336 key: "features.hooks",
337 type: "boolean",
338 description:
339 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. `features.codex_hooks` is a deprecated alias.",
340 },
341 {
342 key: "features.codex_git_commit",
343 type: "boolean",
344 description:
345 "Enable Codex-generated git commits. When enabled, Codex uses `commit_attribution` to append a `Co-authored-by:` trailer to generated commit messages.",
346 },
347 {
348 key: "hooks",
349 type: "table",
350 description:
351 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",
352 },
353 {
354 key: "features.plugin_hooks",
355 type: "boolean",
356 description:
357 "Opt into lifecycle hooks bundled with enabled plugins. Off by default in this release; set to `true` to opt in.",
358 },
359 {
360 key: "features.memories",
361 type: "boolean",
362 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",
363 },
364 {
365 key: "mcp_servers.<id>.command",
366 type: "string",
367 description: "Launcher command for an MCP stdio server.",
368 },
369 {
370 key: "mcp_servers.<id>.args",
371 type: "array<string>",
372 description: "Arguments passed to the MCP stdio server command.",
373 },
374 {
375 key: "mcp_servers.<id>.env",
376 type: "map<string,string>",
377 description: "Environment variables forwarded to the MCP stdio server.",
378 },
379 {
380 key: "mcp_servers.<id>.env_vars",
381 type: 'array<string | { name = string, source = "local" | "remote" }>',
382 description:
383 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',
384 },
385 {
386 key: "mcp_servers.<id>.cwd",
387 type: "string",
388 description: "Working directory for the MCP stdio server process.",
389 },
390 {
391 key: "mcp_servers.<id>.url",
392 type: "string",
393 description: "Endpoint for an MCP streamable HTTP server.",
394 },
395 {
396 key: "mcp_servers.<id>.bearer_token_env_var",
397 type: "string",
398 description:
399 "Environment variable sourcing the bearer token for an MCP HTTP server.",
400 },
401 {
402 key: "mcp_servers.<id>.http_headers",
403 type: "map<string,string>",
404 description: "Static HTTP headers included with each MCP HTTP request.",
405 },
406 {
407 key: "mcp_servers.<id>.env_http_headers",
408 type: "map<string,string>",
409 description:
410 "HTTP headers populated from environment variables for an MCP HTTP server.",
411 },
412 {
413 key: "mcp_servers.<id>.enabled",
414 type: "boolean",
415 description: "Disable an MCP server without removing its configuration.",
416 },
417 {
418 key: "mcp_servers.<id>.required",
419 type: "boolean",
420 description:
421 "When true, fail startup/resume if this enabled MCP server cannot initialize.",
422 },
423 {
424 key: "mcp_servers.<id>.startup_timeout_sec",
425 type: "number",
426 description:
427 "Override the default 10s startup timeout for an MCP server.",
428 },
429 {
430 key: "mcp_servers.<id>.startup_timeout_ms",
431 type: "number",
432 description: "Alias for `startup_timeout_sec` in milliseconds.",
433 },
434 {
435 key: "mcp_servers.<id>.tool_timeout_sec",
436 type: "number",
437 description:
438 "Override the default 60s per-tool timeout for an MCP server.",
439 },
440 {
441 key: "mcp_servers.<id>.enabled_tools",
442 type: "array<string>",
443 description: "Allow list of tool names exposed by the MCP server.",
444 },
445 {
446 key: "mcp_servers.<id>.disabled_tools",
447 type: "array<string>",
448 description:
449 "Deny list applied after `enabled_tools` for the MCP server.",
450 },
451 {
452 key: "mcp_servers.<id>.default_tools_approval_mode",
453 type: "auto | prompt | approve",
454 description:
455 "Default approval behavior for MCP tools on this server unless a per-tool override exists.",
456 },
457 {
458 key: "mcp_servers.<id>.tools.<tool>.approval_mode",
459 type: "auto | prompt | approve",
460 description:
461 "Per-tool approval behavior override for one MCP tool on this server.",
462 },
463 {
464 key: "mcp_servers.<id>.scopes",
465 type: "array<string>",
466 description:
467 "OAuth scopes to request when authenticating to that MCP server.",
468 },
469 {
470 key: "mcp_servers.<id>.oauth_resource",
471 type: "string",
472 description:
473 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",
474 },
475 {
476 key: "mcp_servers.<id>.experimental_environment",
477 type: "local | remote",
478 description:
479 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",
480 },
481 {
482 key: "agents.max_threads",
483 type: "number",
484 description:
485 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",
486 },
487 {
488 key: "agents.max_depth",
489 type: "number",
490 description:
491 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",
492 },
493 {
494 key: "agents.job_max_runtime_seconds",
495 type: "number",
496 description:
497 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",
498 },
499 {
500 key: "agents.<name>.description",
501 type: "string",
502 description:
503 "Role guidance shown to Codex when choosing and spawning that agent type.",
504 },
505 {
506 key: "agents.<name>.config_file",
507 type: "string (path)",
508 description:
509 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",
510 },
511 {
512 key: "agents.<name>.nickname_candidates",
513 type: "array<string>",
514 description:
515 "Optional pool of display nicknames for spawned agents in that role.",
516 },
517 {
518 key: "memories.generate_memories",
519 type: "boolean",
520 description:
521 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",
522 },
523 {
524 key: "memories.use_memories",
525 type: "boolean",
526 description:
527 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",
528 },
529 {
530 key: "memories.disable_on_external_context",
531 type: "boolean",
532 description:
533 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",
534 },
535 {
536 key: "memories.max_raw_memories_for_consolidation",
537 type: "number",
538 description:
539 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",
540 },
541 {
542 key: "memories.max_unused_days",
543 type: "number",
544 description:
545 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",
546 },
547 {
548 key: "memories.max_rollout_age_days",
549 type: "number",
550 description:
551 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",
552 },
553 {
554 key: "memories.max_rollouts_per_startup",
555 type: "number",
556 description:
557 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",
558 },
559 {
560 key: "memories.min_rollout_idle_hours",
561 type: "number",
562 description:
563 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",
564 },
565 {
566 key: "memories.min_rate_limit_remaining_percent",
567 type: "number",
568 description:
569 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",
570 },
571 {
572 key: "memories.extract_model",
573 type: "string",
574 description: "Optional model override for per-thread memory extraction.",
575 },
576 {
577 key: "memories.consolidation_model",
578 type: "string",
579 description: "Optional model override for global memory consolidation.",
580 },
581 {
582 key: "features.unified_exec",
583 type: "boolean",
584 description:
585 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",
586 },
587 {
588 key: "features.shell_snapshot",
589 type: "boolean",
590 description:
591 "Snapshot shell environment to speed up repeated commands (stable; on by default).",
592 },
593 {
594 key: "features.undo",
595 type: "boolean",
596 description: "Enable undo support (stable; off by default).",
597 },
598 {
599 key: "features.multi_agent",
600 type: "boolean",
601 description:
602 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",
603 },
604 {
605 key: "features.personality",
606 type: "boolean",
607 description:
608 "Enable personality selection controls (stable; on by default).",
609 },
610 {
611 key: "features.network_proxy",
612 type: "boolean | table",
613 description:
614 "Enable sandboxed networking. Use a table form when setting network policy options such as `domains` (experimental; off by default).",
615 },
616 {
617 key: "features.network_proxy.enabled",
618 type: "boolean",
619 description: "Enable sandboxed networking. Defaults to `false`.",
620 },
621 {
622 key: "features.network_proxy.domains",
623 type: "map<string, allow | deny>",
624 description:
625 "Domain policy for sandboxed networking. Unset by default, which means no external destinations are allowed until you add `allow` rules. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules; prefer scoped rules because `*` broadly opens public outbound access. Add `deny` rules for blocked destinations; `deny` wins on conflicts.",
626 },
627 {
628 key: "features.network_proxy.unix_sockets",
629 type: "map<string, allow | none>",
630 description:
631 "Unix socket policy for sandboxed networking. Unset by default; add `allow` entries for permitted sockets.",
632 },
633 {
634 key: "features.network_proxy.allow_local_binding",
635 type: "boolean",
636 description:
637 "Allow broader local/private-network access. Defaults to `false`; exact local IP literal or `localhost` allow rules can still permit specific local targets.",
638 },
639 {
640 key: "features.network_proxy.enable_socks5",
641 type: "boolean",
642 description: "Expose SOCKS5 support. Defaults to `true`.",
643 },
644 {
645 key: "features.network_proxy.enable_socks5_udp",
646 type: "boolean",
647 description: "Allow UDP over SOCKS5. Defaults to `true`.",
648 },
649 {
650 key: "features.network_proxy.allow_upstream_proxy",
651 type: "boolean",
652 description:
653 "Allow chaining through an upstream proxy from the environment. Defaults to `true`.",
654 },
655 {
656 key: "features.network_proxy.dangerously_allow_non_loopback_proxy",
657 type: "boolean",
658 description:
659 "Permit non-loopback listener addresses. Defaults to `false`; enabling it can expose proxy listeners beyond localhost.",
660 },
661 {
662 key: "features.network_proxy.dangerously_allow_all_unix_sockets",
663 type: "boolean",
664 description:
665 "Permit arbitrary Unix socket destinations instead of allowlist-only access. Defaults to `false`; use only in tightly controlled environments.",
666 },
667 {
668 key: "features.network_proxy.proxy_url",
669 type: "string",
670 description:
671 'HTTP listener URL for sandboxed networking. Defaults to `"http://127.0.0.1:3128"`.',
672 },
673 {
674 key: "features.network_proxy.socks_url",
675 type: "string",
676 description:
677 'SOCKS5 listener URL. Defaults to `"http://127.0.0.1:8081"`.',
678 },
679 {
680 key: "features.web_search",
681 type: "boolean",
682 description:
683 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",
684 },
685 {
686 key: "features.web_search_cached",
687 type: "boolean",
688 description:
689 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',
690 },
691 {
692 key: "features.web_search_request",
693 type: "boolean",
694 description:
695 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',
696 },
697 {
698 key: "features.shell_tool",
699 type: "boolean",
700 description:
701 "Enable the default `shell` tool for running commands (stable; on by default).",
702 },
703 {
704 key: "features.enable_request_compression",
705 type: "boolean",
706 description:
707 "Compress streaming request bodies with zstd when supported (stable; on by default).",
708 },
709 {
710 key: "features.skill_mcp_dependency_install",
711 type: "boolean",
712 description:
713 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",
714 },
715 {
716 key: "features.fast_mode",
717 type: "boolean",
718 description:
719 "Enable model-catalog service tier selection in the TUI, including Fast-tier commands when the active model advertises them (stable; on by default).",
720 },
721 {
722 key: "features.prevent_idle_sleep",
723 type: "boolean",
724 description:
725 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",
726 },
727 {
728 key: "suppress_unstable_features_warning",
729 type: "boolean",
730 description:
731 "Suppress the warning that appears when under-development feature flags are enabled.",
732 },
733 {
734 key: "model_providers.<id>",
735 type: "table",
736 description:
737 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",
738 },
739 {
740 key: "model_providers.<id>.name",
741 type: "string",
742 description: "Display name for a custom model provider.",
743 },
744 {
745 key: "model_providers.<id>.base_url",
746 type: "string",
747 description: "API base URL for the model provider.",
748 },
749 {
750 key: "model_providers.<id>.env_key",
751 type: "string",
752 description: "Environment variable supplying the provider API key.",
753 },
754 {
755 key: "model_providers.<id>.env_key_instructions",
756 type: "string",
757 description: "Optional setup guidance for the provider API key.",
758 },
759 {
760 key: "model_providers.<id>.experimental_bearer_token",
761 type: "string",
762 description:
763 "Direct bearer token for the provider (discouraged; use `env_key`).",
764 },
765 {
766 key: "model_providers.<id>.requires_openai_auth",
767 type: "boolean",
768 description:
769 "The provider uses OpenAI authentication (defaults to false).",
770 },
771 {
772 key: "model_providers.<id>.wire_api",
773 type: "responses",
774 description:
775 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",
776 },
777 {
778 key: "model_providers.<id>.query_params",
779 type: "map<string,string>",
780 description: "Extra query parameters appended to provider requests.",
781 },
782 {
783 key: "model_providers.<id>.http_headers",
784 type: "map<string,string>",
785 description: "Static HTTP headers added to provider requests.",
786 },
787 {
788 key: "model_providers.<id>.env_http_headers",
789 type: "map<string,string>",
790 description:
791 "HTTP headers populated from environment variables when present.",
792 },
793 {
794 key: "model_providers.<id>.request_max_retries",
795 type: "number",
796 description:
797 "Retry count for HTTP requests to the provider (default: 4).",
798 },
799 {
800 key: "model_providers.<id>.stream_max_retries",
801 type: "number",
802 description: "Retry count for SSE streaming interruptions (default: 5).",
803 },
804 {
805 key: "model_providers.<id>.stream_idle_timeout_ms",
806 type: "number",
807 description:
808 "Idle timeout for SSE streams in milliseconds (default: 300000).",
809 },
810 {
811 key: "model_providers.<id>.supports_websockets",
812 type: "boolean",
813 description:
814 "Whether that provider supports the Responses API WebSocket transport.",
815 },
816 {
817 key: "model_providers.<id>.auth",
818 type: "table",
819 description:
820 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",
821 },
822 {
823 key: "model_providers.<id>.auth.command",
824 type: "string",
825 description:
826 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",
827 },
828 {
829 key: "model_providers.<id>.auth.args",
830 type: "array<string>",
831 description: "Arguments passed to the token command.",
832 },
833 {
834 key: "model_providers.<id>.auth.timeout_ms",
835 type: "number",
836 description:
837 "Maximum token command runtime in milliseconds (default: 5000).",
838 },
839 {
840 key: "model_providers.<id>.auth.refresh_interval_ms",
841 type: "number",
842 description:
843 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",
844 },
845 {
846 key: "model_providers.<id>.auth.cwd",
847 type: "string (path)",
848 description: "Working directory for the token command.",
849 },
850 {
851 key: "model_providers.amazon-bedrock.aws.profile",
852 type: "string",
853 description:
854 "AWS profile name used by the built-in `amazon-bedrock` provider.",
855 },
856 {
857 key: "model_providers.amazon-bedrock.aws.region",
858 type: "string",
859 description: "AWS region used by the built-in `amazon-bedrock` provider.",
860 },
861 {
862 key: "model_reasoning_effort",
863 type: "minimal | low | medium | high | xhigh",
864 description:
865 "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).",
866 },
867 {
868 key: "plan_mode_reasoning_effort",
869 type: "none | minimal | low | medium | high | xhigh",
870 description:
871 "Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.",
872 },
873 {
874 key: "model_reasoning_summary",
875 type: "auto | concise | detailed | none",
876 description:
877 "Select reasoning summary detail or disable summaries entirely.",
878 },
879 {
880 key: "model_verbosity",
881 type: "low | medium | high",
882 description:
883 "Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.",
884 },
885 {
886 key: "model_supports_reasoning_summaries",
887 type: "boolean",
888 description: "Force Codex to send or not send reasoning metadata.",
889 },
890 {
891 key: "shell_environment_policy.inherit",
892 type: "all | core | none",
893 description:
894 "Baseline environment inheritance when spawning subprocesses.",
895 },
896 {
897 key: "shell_environment_policy.ignore_default_excludes",
898 type: "boolean",
899 description:
900 "Keep variables containing KEY/SECRET/TOKEN before other filters run.",
901 },
902 {
903 key: "shell_environment_policy.exclude",
904 type: "array<string>",
905 description:
906 "Glob patterns for removing environment variables after the defaults.",
907 },
908 {
909 key: "shell_environment_policy.include_only",
910 type: "array<string>",
911 description:
912 "Whitelist of patterns; when set only matching variables are kept.",
913 },
914 {
915 key: "shell_environment_policy.set",
916 type: "map<string,string>",
917 description:
918 "Explicit environment overrides injected into every subprocess.",
919 },
920 {
921 key: "shell_environment_policy.experimental_use_profile",
922 type: "boolean",
923 description: "Use the user shell profile when spawning subprocesses.",
924 },
925 {
926 key: "project_root_markers",
927 type: "array<string>",
928 description:
929 "List of project root marker filenames; used when searching parent directories for the project root.",
930 },
931 {
932 key: "project_doc_max_bytes",
933 type: "number",
934 description:
935 "Maximum bytes read from `AGENTS.md` when building project instructions.",
936 },
937 {
938 key: "project_doc_fallback_filenames",
939 type: "array<string>",
940 description: "Additional filenames to try when `AGENTS.md` is missing.",
941 },
942 {
943 key: "profile",
944 type: "string",
945 description:
946 "Default profile applied at startup (equivalent to `--profile`).",
947 },
948 {
949 key: "profiles.<name>.*",
950 type: "various",
951 description:
952 "Profile-scoped overrides for any of the supported configuration keys.",
953 },
954 {
955 key: "profiles.<name>.service_tier",
956 type: "string",
957 description: "Profile-scoped service tier preference for new turns.",
958 },
959 {
960 key: "profiles.<name>.plan_mode_reasoning_effort",
961 type: "none | minimal | low | medium | high | xhigh",
962 description: "Profile-scoped Plan-mode reasoning override.",
963 },
964 {
965 key: "profiles.<name>.web_search",
966 type: "disabled | cached | live",
967 description:
968 'Profile-scoped web search mode override (default: `"cached"`).',
969 },
970 {
971 key: "profiles.<name>.personality",
972 type: "none | friendly | pragmatic",
973 description:
974 "Profile-scoped communication style override for supported models.",
975 },
976 {
977 key: "profiles.<name>.model_catalog_json",
978 type: "string (path)",
979 description:
980 "Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).",
981 },
982 {
983 key: "profiles.<name>.model_instructions_file",
984 type: "string (path)",
985 description:
986 "Profile-scoped replacement for the built-in instruction file.",
987 },
988 {
989 key: "profiles.<name>.experimental_use_unified_exec_tool",
990 type: "boolean",
991 description:
992 "Legacy name for enabling unified exec; prefer `[features].unified_exec`.",
993 },
994 {
995 key: "profiles.<name>.oss_provider",
996 type: "lmstudio | ollama",
997 description: "Profile-scoped OSS provider for `--oss` sessions.",
998 },
999 {
1000 key: "profiles.<name>.tools_view_image",
1001 type: "boolean",
1002 description: "Enable or disable the `view_image` tool in that profile.",
1003 },
1004 {
1005 key: "profiles.<name>.analytics.enabled",
1006 type: "boolean",
1007 description: "Profile-scoped analytics enablement override.",
1008 },
1009 {
1010 key: "profiles.<name>.windows.sandbox",
1011 type: "unelevated | elevated",
1012 description: "Profile-scoped Windows sandbox mode override.",
1013 },
1014 {
1015 key: "history.persistence",
1016 type: "save-all | none",
1017 description:
1018 "Control whether Codex saves session transcripts to history.jsonl.",
1019 },
1020 {
1021 key: "tool_output_token_limit",
1022 type: "number",
1023 description:
1024 "Token budget for storing individual tool/function outputs in history.",
1025 },
1026 {
1027 key: "background_terminal_max_timeout",
1028 type: "number",
1029 description:
1030 "Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.",
1031 },
1032 {
1033 key: "history.max_bytes",
1034 type: "number",
1035 description:
1036 "If set, caps the history file size in bytes by dropping oldest entries.",
1037 },
1038 {
1039 key: "file_opener",
1040 type: "vscode | vscode-insiders | windsurf | cursor | none",
1041 description:
1042 "URI scheme used to open citations from Codex output (default: `vscode`).",
1043 },
1044 {
1045 key: "otel.environment",
1046 type: "string",
1047 description:
1048 "Environment tag applied to emitted OpenTelemetry events (default: `dev`).",
1049 },
1050 {
1051 key: "otel.exporter",
1052 type: "none | otlp-http | otlp-grpc",
1053 description:
1054 "Select the OpenTelemetry exporter and provide any endpoint metadata.",
1055 },
1056 {
1057 key: "otel.trace_exporter",
1058 type: "none | otlp-http | otlp-grpc",
1059 description:
1060 "Select the OpenTelemetry trace exporter and provide any endpoint metadata.",
1061 },
1062 {
1063 key: "otel.metrics_exporter",
1064 type: "none | statsig | otlp-http | otlp-grpc",
1065 description:
1066 "Select the OpenTelemetry metrics exporter (defaults to `statsig`).",
1067 },
1068 {
1069 key: "otel.log_user_prompt",
1070 type: "boolean",
1071 description:
1072 "Opt in to exporting raw user prompts with OpenTelemetry logs.",
1073 },
1074 {
1075 key: "otel.exporter.<id>.endpoint",
1076 type: "string",
1077 description: "Exporter endpoint for OTEL logs.",
1078 },
1079 {
1080 key: "otel.exporter.<id>.protocol",
1081 type: "binary | json",
1082 description: "Protocol used by the OTLP/HTTP exporter.",
1083 },
1084 {
1085 key: "otel.exporter.<id>.headers",
1086 type: "map<string,string>",
1087 description: "Static headers included with OTEL exporter requests.",
1088 },
1089 {
1090 key: "otel.trace_exporter.<id>.endpoint",
1091 type: "string",
1092 description: "Trace exporter endpoint for OTEL logs.",
1093 },
1094 {
1095 key: "otel.trace_exporter.<id>.protocol",
1096 type: "binary | json",
1097 description: "Protocol used by the OTLP/HTTP trace exporter.",
1098 },
1099 {
1100 key: "otel.trace_exporter.<id>.headers",
1101 type: "map<string,string>",
1102 description: "Static headers included with OTEL trace exporter requests.",
1103 },
1104 {
1105 key: "otel.exporter.<id>.tls.ca-certificate",
1106 type: "string",
1107 description: "CA certificate path for OTEL exporter TLS.",
1108 },
1109 {
1110 key: "otel.exporter.<id>.tls.client-certificate",
1111 type: "string",
1112 description: "Client certificate path for OTEL exporter TLS.",
1113 },
1114 {
1115 key: "otel.exporter.<id>.tls.client-private-key",
1116 type: "string",
1117 description: "Client private key path for OTEL exporter TLS.",
1118 },
1119 {
1120 key: "otel.trace_exporter.<id>.tls.ca-certificate",
1121 type: "string",
1122 description: "CA certificate path for OTEL trace exporter TLS.",
1123 },
1124 {
1125 key: "otel.trace_exporter.<id>.tls.client-certificate",
1126 type: "string",
1127 description: "Client certificate path for OTEL trace exporter TLS.",
1128 },
1129 {
1130 key: "otel.trace_exporter.<id>.tls.client-private-key",
1131 type: "string",
1132 description: "Client private key path for OTEL trace exporter TLS.",
1133 },
1134 {
1135 key: "tui",
1136 type: "table",
1137 description:
1138 "TUI-specific options such as enabling inline desktop notifications.",
1139 },
1140 {
1141 key: "tui.notifications",
1142 type: "boolean | array<string>",
1143 description:
1144 "Enable TUI notifications; optionally restrict to specific event types.",
1145 },
1146 {
1147 key: "tui.notification_method",
1148 type: "auto | osc9 | bel",
1149 description:
1150 "Notification method for terminal notifications (default: auto).",
1151 },
1152 {
1153 key: "tui.notification_condition",
1154 type: "unfocused | always",
1155 description:
1156 "Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.",
1157 },
1158 {
1159 key: "tui.animations",
1160 type: "boolean",
1161 description:
1162 "Enable terminal animations (welcome screen, shimmer, spinner) (default: true).",
1163 },
1164 {
1165 key: "tui.alternate_screen",
1166 type: "auto | always | never",
1167 description:
1168 "Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).",
1169 },
1170 {
1171 key: "tui.vim_mode_default",
1172 type: "boolean",
1173 description:
1174 "Start the composer in Vim normal mode instead of insert mode (default: false). You can still toggle it per session with `/vim`.",
1175 },
1176 {
1177 key: "tui.raw_output_mode",
1178 type: "boolean",
1179 description:
1180 "Start the TUI in raw scrollback mode for copy-friendly terminal selection (default: false). You can toggle it with `/raw` or the default `alt-r` key binding.",
1181 },
1182 {
1183 key: "tui.show_tooltips",
1184 type: "boolean",
1185 description:
1186 "Show onboarding tooltips in the TUI welcome screen (default: true).",
1187 },
1188 {
1189 key: "tui.status_line",
1190 type: "array<string> | null",
1191 description:
1192 "Ordered list of TUI footer status-line item identifiers. `null` disables the status line.",
1193 },
1194 {
1195 key: "tui.terminal_title",
1196 type: "array<string> | null",
1197 description:
1198 'Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.',
1199 },
1200 {
1201 key: "tui.theme",
1202 type: "string",
1203 description:
1204 "Syntax-highlighting theme override (kebab-case theme name).",
1205 },
1206 {
1207 key: "tui.keymap.<context>.<action>",
1208 type: "string | array<string>",
1209 description:
1210 "Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.",
1211 },
1212 {
1213 key: "tui.keymap.<context>.<action> = []",
1214 type: "empty array",
1215 description:
1216 "Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, `page-down`, or `minus`.",
1217 },
1218 {
1219 key: "plugins.<plugin>.mcp_servers.<server>.enabled",
1220 type: "boolean",
1221 description:
1222 "Enable or disable an MCP server bundled by an installed plugin without changing the plugin manifest.",
1223 },
1224 {
1225 key: "plugins.<plugin>.mcp_servers.<server>.default_tools_approval_mode",
1226 type: "auto | prompt | approve",
1227 description:
1228 "Default approval behavior for tools on a plugin-provided MCP server.",
1229 },
1230 {
1231 key: "plugins.<plugin>.mcp_servers.<server>.enabled_tools",
1232 type: "array<string>",
1233 description:
1234 "Allow list of tools exposed from a plugin-provided MCP server.",
1235 },
1236 {
1237 key: "plugins.<plugin>.mcp_servers.<server>.disabled_tools",
1238 type: "array<string>",
1239 description:
1240 "Deny list applied after `enabled_tools` for a plugin-provided MCP server.",
1241 },
1242 {
1243 key: "plugins.<plugin>.mcp_servers.<server>.tools.<tool>.approval_mode",
1244 type: "auto | prompt | approve",
1245 description:
1246 "Per-tool approval behavior override for a plugin-provided MCP tool.",
1247 },
1248 {
1249 key: "tui.model_availability_nux.<model>",
1250 type: "integer",
1251 description: "Internal startup-tooltip state keyed by model slug.",
1252 },
1253 {
1254 key: "hide_agent_reasoning",
1255 type: "boolean",
1256 description:
1257 "Suppress reasoning events in both the TUI and `codex exec` output.",
1258 },
1259 {
1260 key: "show_raw_agent_reasoning",
1261 type: "boolean",
1262 description:
1263 "Surface raw reasoning content when the active model emits it.",
1264 },
1265 {
1266 key: "disable_paste_burst",
1267 type: "boolean",
1268 description: "Disable burst-paste detection in the TUI.",
1269 },
1270 {
1271 key: "windows_wsl_setup_acknowledged",
1272 type: "boolean",
1273 description: "Track Windows onboarding acknowledgement (Windows only).",
1274 },
1275 {
1276 key: "chatgpt_base_url",
1277 type: "string",
1278 description: "Override the base URL used during the ChatGPT login flow.",
1279 },
1280 {
1281 key: "cli_auth_credentials_store",
1282 type: "file | keyring | auto",
1283 description:
1284 "Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).",
1285 },
1286 {
1287 key: "mcp_oauth_credentials_store",
1288 type: "auto | file | keyring",
1289 description: "Preferred store for MCP OAuth credentials.",
1290 },
1291 {
1292 key: "mcp_oauth_callback_port",
1293 type: "integer",
1294 description:
1295 "Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.",
1296 },
1297 {
1298 key: "mcp_oauth_callback_url",
1299 type: "string",
1300 description:
1301 "Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.",
1302 },
1303 {
1304 key: "experimental_use_unified_exec_tool",
1305 type: "boolean",
1306 description:
1307 "Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.",
1308 },
1309 {
1310 key: "tools.web_search",
1311 type: 'boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }',
1312 description:
1313 "Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.",
1314 },
1315 {
1316 key: "tools.view_image",
1317 type: "boolean",
1318 description: "Enable the local-image attachment tool `view_image`.",
1319 },
1320 {
1321 key: "web_search",
1322 type: "disabled | cached | live",
1323 description:
1324 'Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.',
1325 },
1326 {
1327 key: "default_permissions",
1328 type: "string",
1329 description:
1330 "Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.",
1331 },
1332 {
1333 key: "permissions.<name>.filesystem",
1334 type: "table",
1335 description:
1336 "Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.",
1337 },
1338 {
1339 key: "permissions.<name>.filesystem.glob_scan_max_depth",
1340 type: "number",
1341 description:
1342 "Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.",
1343 },
1344 {
1345 key: "permissions.<name>.filesystem.<path-or-glob>",
1346 type: '"read" | "write" | "none" | table',
1347 description:
1348 'Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.',
1349 },
1350 {
1351 key: 'permissions.<name>.filesystem.":project_roots".<subpath-or-glob>',
1352 type: '"read" | "write" | "none"',
1353 description:
1354 'Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.',
1355 },
1356 {
1357 key: "permissions.<name>.network.enabled",
1358 type: "boolean",
1359 description: "Enable network access for this named permissions profile.",
1360 },
1361 {
1362 key: "permissions.<name>.network.proxy_url",
1363 type: "string",
1364 description:
1365 "HTTP listener URL used when this permissions profile enables sandboxed networking.",
1366 },
1367 {
1368 key: "permissions.<name>.network.enable_socks5",
1369 type: "boolean",
1370 description:
1371 "Expose SOCKS5 support when this permissions profile enables sandboxed networking.",
1372 },
1373 {
1374 key: "permissions.<name>.network.socks_url",
1375 type: "string",
1376 description: "SOCKS5 proxy endpoint used by this permissions profile.",
1377 },
1378 {
1379 key: "permissions.<name>.network.enable_socks5_udp",
1380 type: "boolean",
1381 description: "Allow UDP over the SOCKS5 listener when enabled.",
1382 },
1383 {
1384 key: "permissions.<name>.network.allow_upstream_proxy",
1385 type: "boolean",
1386 description:
1387 "Allow sandboxed networking to chain through another upstream proxy.",
1388 },
1389 {
1390 key: "permissions.<name>.network.dangerously_allow_non_loopback_proxy",
1391 type: "boolean",
1392 description:
1393 "Permit non-loopback bind addresses for sandboxed networking listeners. Enabling it can expose listeners beyond localhost.",
1394 },
1395 {
1396 key: "permissions.<name>.network.dangerously_allow_all_unix_sockets",
1397 type: "boolean",
1398 description:
1399 "Allow arbitrary Unix socket destinations instead of the default restricted set. Use only in tightly controlled environments.",
1400 },
1401 {
1402 key: "permissions.<name>.network.domains",
1403 type: "map<string, allow | deny>",
1404 description:
1405 "Domain rules for sandboxed networking. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules. `deny` wins on conflicts.",
1406 },
1407 {
1408 key: "permissions.<name>.network.unix_sockets",
1409 type: "map<string, allow | none>",
1410 description:
1411 "Unix socket rules for sandboxed networking. Use socket paths as keys, with `allow` or `none` values.",
1412 },
1413 {
1414 key: "permissions.<name>.network.allow_local_binding",
1415 type: "boolean",
1416 description:
1417 "Permit broader local/private-network access through sandboxed networking. Exact local IP literal or `localhost` allow rules can still permit specific local targets when this stays `false`.",
1418 },
1419 {
1420 key: "projects.<path>.trust_level",
1421 type: "string",
1422 description:
1423 'Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.',
1424 },
1425 {
1426 key: "notice.hide_full_access_warning",
1427 type: "boolean",
1428 description: "Track acknowledgement of the full access warning prompt.",
1429 },
1430 {
1431 key: "notice.hide_world_writable_warning",
1432 type: "boolean",
1433 description:
1434 "Track acknowledgement of the Windows world-writable directories warning.",
1435 },
1436 {
1437 key: "notice.hide_rate_limit_model_nudge",
1438 type: "boolean",
1439 description: "Track opt-out of the rate limit model switch reminder.",
1440 },
1441 {
1442 key: "notice.hide_gpt5_1_migration_prompt",
1443 type: "boolean",
1444 description: "Track acknowledgement of the GPT-5.1 migration prompt.",
1445 },
1446 {
1447 key: "notice.hide_gpt-5.1-codex-max_migration_prompt",
1448 type: "boolean",
1449 description:
1450 "Track acknowledgement of the gpt-5.1-codex-max migration prompt.",
1451 },
1452 {
1453 key: "notice.model_migrations",
1454 type: "map<string,string>",
1455 description: "Track acknowledged model migrations as old->new mappings.",
1456 },
1457 {
1458 key: "forced_login_method",
1459 type: "chatgpt | api",
1460 description: "Restrict Codex to a specific authentication method.",
1461 },
1462 {
1463 key: "forced_chatgpt_workspace_id",
1464 type: "string (uuid)",
1465 description: "Limit ChatGPT logins to a specific workspace identifier.",
1466 },
1467 ]}
1468 client:load
1469/>
2888 1470
2889You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).1471You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).
2890 1472
2906Use `[features]` in `requirements.toml` to pin feature flags by the same1488Use `[features]` in `requirements.toml` to pin feature flags by the same
2907canonical keys that `config.toml` uses. Omitted keys remain unconstrained.1489canonical keys that `config.toml` uses. Omitted keys remain unconstrained.
2908 1490
29091491| Key | Type / Values | Details |<ConfigTable
29101492| --- | --- | --- | options={[
29111493| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). | {
29121494| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer` (for example `user` and `guardian_subagent`). | key: "allowed_approval_policies",
29131495| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. | type: "array<string>",
29141496| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. | description:
29151497| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. | "Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).",
29161498| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. | },
29171499| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. | {
29181500| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). | key: "allowed_approvals_reviewers",
29191501| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. | type: "array<string>",
29201502| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. | description:
29211503| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. | "Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.",
29221504| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. | },
29231505| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). | {
29241506| `rules.prefix_rules[].justification` | `string` | Optional non-empty rationale surfaced in approval prompts or rejection messages. | key: "guardian_policy_config",
29251507| `rules.prefix_rules[].pattern` | `array<table>` | Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. | type: "string",
29261508| `rules.prefix_rules[].pattern[].any_of` | `array<string>` | A list of allowed alternative tokens at this position. | description:
29271509| `rules.prefix_rules[].pattern[].token` | `string` | A single literal token at this position. | "Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.",
29281510 },
29291511Key {
29301512 key: "allowed_sandbox_modes",
29311513`allowed_approval_policies` type: "array<string>",
29321514 description: "Allowed values for `sandbox_mode`.",
29331515Type / Values },
29341516 {
29351517`array<string>` key: "remote_sandbox_config",
29361518 type: "array<table>",
29371519Details description:
29381520 "Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.",
29391521Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). },
29401522 {
29411523Key key: "remote_sandbox_config[].hostname_patterns",
29421524 type: "array<string>",
29431525`allowed_approvals_reviewers` description:
29441526 "Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.",
29451527Type / Values },
29461528 {
29471529`array<string>` key: "remote_sandbox_config[].allowed_sandbox_modes",
29481530 type: "array<string>",
29491531Details description:
29501532 "Allowed sandbox modes to apply when this host-specific entry matches.",
29511533Allowed values for `approvals_reviewer` (for example `user` and `guardian_subagent`). },
29521534 {
29531535Key key: "allowed_web_search_modes",
29541536 type: "array<string>",
29551537`allowed_sandbox_modes` description:
29561538 "Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.",
29571539Type / Values },
29581540 {
29591541`array<string>` key: "features",
29601542 type: "table",
29611543Details description:
29621544 "Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.",
29631545Allowed values for `sandbox_mode`. },
29641546 {
29651547Key key: "features.<name>",
29661548 type: "boolean",
29671549`allowed_web_search_modes` description:
29681550 "Require a specific canonical feature key to stay enabled or disabled.",
29691551Type / Values },
29701552 {
29711553`array<string>` key: "features.in_app_browser",
29721554 type: "boolean",
29731555Details description:
29741556 "Set to `false` in `requirements.toml` to disable the in-app browser pane.",
29751557Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. },
29761558 {
29771559Key key: "features.browser_use",
29781560 type: "boolean",
29791561`features` description:
29801562 "Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.",
29811563Type / Values },
29821564 {
29831565`table` key: "features.computer_use",
29841566 type: "boolean",
29851567Details description:
29861568 "Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.",
29871569Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. },
29881570 {
29891571Key key: "experimental_network",
29901572 type: "table",
29911573`features.<name>` description:
29921574 "Network access requirements enforced from `requirements.toml`. These constraints are separate from `features.network_proxy` and can configure sandboxed networking without the user feature flag.",
29931575Type / Values },
29941576 {
29951577`boolean` key: "experimental_network.enabled",
29961578 type: "boolean",
29971579Details description:
29981580 "Enable sandboxed networking requirements. This does not grant network access when the active sandbox keeps command networking off.",
29991581Require a specific canonical feature key to stay enabled or disabled. },
30001582 {
30011583Key key: "experimental_network.http_port",
30021584 type: "integer",
30031585`mcp_servers` description:
30041586 "Loopback HTTP listener port to use for `[experimental_network]` requirements.",
30051587Type / Values },
30061588 {
30071589`table` key: "experimental_network.socks_port",
30081590 type: "integer",
30091591Details description:
30101592 "Loopback SOCKS5 listener port to use for `[experimental_network]` requirements.",
30111593Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. },
30121594 {
30131595Key key: "experimental_network.allow_upstream_proxy",
30141596 type: "boolean",
30151597`mcp_servers.<id>.identity` description:
30161598 "Allow sandboxed networking to chain through an upstream proxy from the environment.",
30171599Type / Values },
30181600 {
30191601`table` key: "experimental_network.dangerously_allow_non_loopback_proxy",
30201602 type: "boolean",
30211603Details description:
30221604 "Permit non-loopback listener addresses for `[experimental_network]` requirements. Enabling it can expose listeners beyond localhost.",
30231605Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). },
30241606 {
30251607Key key: "experimental_network.dangerously_allow_all_unix_sockets",
30261608 type: "boolean",
30271609`mcp_servers.<id>.identity.command` description:
30281610 "Permit arbitrary Unix socket destinations instead of allowlist-only access. Use only in tightly controlled environments.",
30291611Type / Values },
30301612 {
30311613`string` key: "experimental_network.domains",
30321614 type: "map<string, allow | deny>",
30331615Details description:
30341616 "Map-shaped administrator domain policy for sandboxed networking. Supports exact hosts, `*.example.com` for subdomains only, `**.example.com` for apex plus subdomains, and global `*` allow rules; prefer scoped rules because `*` broadly opens public outbound access. `deny` wins on conflicts. Do not combine this with `experimental_network.allowed_domains` or `experimental_network.denied_domains`.",
30351617Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. },
30361618 {
30371619Key key: "experimental_network.allowed_domains",
30381620 type: "array<string>",
30391621`mcp_servers.<id>.identity.url` description:
30401622 "List-shaped administrator allow rules for sandboxed networking. Do not combine this with `experimental_network.domains`.",
30411623Type / Values },
30421624 {
30431625`string` key: "experimental_network.denied_domains",
30441626 type: "array<string>",
30451627Details description:
30461628 "List-shaped administrator deny rules for sandboxed networking. Do not combine this with `experimental_network.domains`.",
30471629Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. },
30481630 {
30491631Key key: "experimental_network.managed_allowed_domains_only",
30501632 type: "boolean",
30511633`rules` description:
30521634 "When `true`, only administrator-managed allow rules remain effective while sandboxed networking requirements are active; user allowlist additions are ignored. Without managed allow rules, user-added domain allow rules do not remain effective.",
30531635Type / Values },
30541636 {
30551637`table` key: "experimental_network.unix_sockets",
30561638 type: "map<string, allow | none>",
30571639Details description:
30581640 "Administrator-managed Unix socket policy for sandboxed networking.",
30591641Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. },
30601642 {
30611643Key key: "experimental_network.allow_local_binding",
30621644 type: "boolean",
30631645`rules.prefix_rules` description:
30641646 "Permit broader local/private-network access for sandboxed networking. Exact local IP literal or `localhost` allow rules can still permit specific local targets when this stays `false`.",
30651647Type / Values },
30661648 {
30671649`array<table>` key: "hooks",
30681650 type: "table",
30691651Details description:
30701652 "Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.",
30711653List of enforced prefix rules. Each rule must include `pattern` and `decision`. },
30721654 {
30731655Key key: "hooks.managed_dir",
30741656 type: "string (absolute path)",
30751657`rules.prefix_rules[].decision` description:
30761658 "Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.",
30771659Type / Values },
30781660 {
30791661`prompt | forbidden` key: "hooks.windows_managed_dir",
30801662 type: "string (absolute path)",
30811663Details description:
30821664 "Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.",
30831665Required. Requirements rules can only prompt or forbid (not allow). },
30841666 {
30851667Key key: "hooks.<Event>",
30861668 type: "array<table>",
30871669`rules.prefix_rules[].justification` description:
30881670 "Matcher groups for a hook event such as `PreToolUse`, `PermissionRequest`, `PostToolUse`, `SessionStart`, `UserPromptSubmit`, or `Stop`.",
30891671Type / Values },
30901672 {
30911673`string` key: "hooks.<Event>[].hooks",
30921674 type: "array<table>",
30931675Details description:
30941676 "Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.",
30951677Optional non-empty rationale surfaced in approval prompts or rejection messages. },
30961678 {
30971679Key key: "permissions.filesystem.deny_read",
30981680 type: "array<string>",
30991681`rules.prefix_rules[].pattern` description:
31001682 "Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.",
31011683Type / Values },
31021684 {
31031685`array<table>` key: "mcp_servers",
31041686 type: "table",
31051687Details description:
31061688 "Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.",
31071689Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. },
31081690 {
31091691Key key: "mcp_servers.<id>.identity",
31101692 type: "table",
31111693`rules.prefix_rules[].pattern[].any_of` description:
31121694 "Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).",
31131695Type / Values },
31141696 {
31151697`array<string>` key: "mcp_servers.<id>.identity.command",
31161698 type: "string",
31171699Details description:
31181700 "Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.",
31191701A list of allowed alternative tokens at this position. },
31201702 {
31211703Key key: "mcp_servers.<id>.identity.url",
31221704 type: "string",
31231705`rules.prefix_rules[].pattern[].token` description:
31241706 "Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.",
31251707Type / Values },
31261708 {
31271709`string` key: "rules",
31281710 type: "table",
31291711Details description:
31301712 "Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.",
31311713A single literal token at this position. },
31321714 {
31331715Expand to view all key: "rules.prefix_rules",
1716 type: "array<table>",
1717 description:
1718 "List of enforced prefix rules. Each rule must include `pattern` and `decision`.",
1719 },
1720 {
1721 key: "rules.prefix_rules[].pattern",
1722 type: "array<table>",
1723 description:
1724 "Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.",
1725 },
1726 {
1727 key: "rules.prefix_rules[].pattern[].token",
1728 type: "string",
1729 description: "A single literal token at this position.",
1730 },
1731 {
1732 key: "rules.prefix_rules[].pattern[].any_of",
1733 type: "array<string>",
1734 description: "A list of allowed alternative tokens at this position.",
1735 },
1736 {
1737 key: "rules.prefix_rules[].decision",
1738 type: "prompt | forbidden",
1739 description:
1740 "Required. Requirements rules can only prompt or forbid (not allow).",
1741 },
1742 {
1743 key: "rules.prefix_rules[].justification",
1744 type: "string",
1745 description:
1746 "Optional non-empty rationale surfaced in approval prompts or rejection messages.",
1747 },
1748 ]}
1749 client:load
1750/>