config-reference.md Codex Docs, 2026-04-29 00:50 UTC → 2026-05-07 20:02 UTC

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10 

11| Key | Type / Values | Details |11<ConfigTable

12| --- | --- | --- |12 options={[

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13 {

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14 key: "model",

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |15 type: "string",

16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |16 description: "Model to use (e.g., `gpt-5.5`).",

17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17 },

18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |18 {

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19 key: "review_model",

20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |20 type: "string",

21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |21 description:

22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |22 "Optional model override used by `/review` (defaults to the current session model).",

23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |23 },

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |24 {

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |25 key: "model_provider",

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |26 type: "string",

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |27 description: "Provider id from `model_providers` (default: `openai`).",

28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28 },

29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29 {

30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30 key: "openai_base_url",

31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |31 type: "string",

32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |32 description:

33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |33 "Base URL override for the built-in `openai` model provider.",

34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |34 },

35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35 {

36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36 key: "model_context_window",

37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37 type: "number",

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |38 description: "Context window tokens available to the active model.",

39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39 },

40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40 {

41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41 key: "model_auto_compact_token_limit",

42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42 type: "number",

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |43 description:

44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44 "Token threshold that triggers automatic history compaction (unset uses model defaults).",

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |45 },

46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46 {

47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47 key: "model_catalog_json",

48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48 type: "string (path)",

49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49 description:

50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50 "Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.",

51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |51 },

52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |52 {

53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |53 key: "oss_provider",

54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |54 type: "lmstudio | ollama",

55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |55 description:

56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56 "Default local provider used when running with `--oss` (defaults to prompting if unset).",

57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |57 },

58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |58 {

59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59 key: "approval_policy",

60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |60 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",

61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |61 description:

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |62 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",

63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63 },

64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64 {

65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65 key: "approval_policy.granular.sandbox_approval",

66| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |66 type: "boolean",

67| `file_opener` | `vscode | vscode-insiders | windsurf | cursor | none` | URI scheme used to open citations from Codex output (default: `vscode`). |67 description:

68| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |68 "When `true`, sandbox escalation approval prompts are allowed to surface.",

69| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |69 },

70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70 {

71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71 key: "approval_policy.granular.rules",

72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72 type: "boolean",

73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |73 description:

74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",

75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75 },

76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76 {

77| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |77 key: "approval_policy.granular.mcp_elicitations",

78| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |78 type: "boolean",

79| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |79 description:

80| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |80 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",

81| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |81 },

82| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |82 {

83| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |83 key: "approval_policy.granular.request_permissions",

84| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |84 type: "boolean",

85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85 description:

86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",

87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87 },

88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |88 {

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |89 key: "approval_policy.granular.skill_approval",

90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90 type: "boolean",

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |91 description:

92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92 "When `true`, skill-script approval prompts are allowed to surface.",

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |93 },

94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94 {

95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95 key: "approvals_reviewer",

96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96 type: "user | auto_review",

97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97 description:

98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |98 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |99 },

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |100 {

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |101 key: "auto_review.policy",

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |102 type: "string",

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |103 description:

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |104 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |105 },

106| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |106 {

107| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |107 key: "allow_login_shell",

108| `model` | `string` | Model to use (e.g., `gpt-5.5`). |108 type: "boolean",

109| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |109 description:

110| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |110 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",

111| `model_context_window` | `number` | Context window tokens available to the active model. |111 },

112| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |112 {

113| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |113 key: "sandbox_mode",

114| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |114 type: "read-only | workspace-write | danger-full-access",

115| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |115 description:

116| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |116 "Sandbox policy for filesystem and network access during command execution.",

117| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |117 },

118| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |118 {

119| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |119 key: "sandbox_workspace_write.writable_roots",

120| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |120 type: "array<string>",

121| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |121 description:

122| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |122 'Additional writable roots when `sandbox_mode = "workspace-write"`.',

123| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |123 },

124| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |124 {

125| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |125 key: "sandbox_workspace_write.network_access",

126| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |126 type: "boolean",

127| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |127 description:

128| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |128 "Allow outbound network access inside the workspace-write sandbox.",

129| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |129 },

130| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |130 {

131| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |131 key: "sandbox_workspace_write.exclude_tmpdir_env_var",

132| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |132 type: "boolean",

133| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |133 description:

134| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |134 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",

135| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |135 },

136| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |136 {

137| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |137 key: "sandbox_workspace_write.exclude_slash_tmp",

138| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |138 type: "boolean",

139| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |139 description:

140| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |140 "Exclude `/tmp` from writable roots in workspace-write mode.",

141| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |141 },

142| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |142 {

143| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |143 key: "windows.sandbox",

144| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |144 type: "unelevated | elevated",

145| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |145 description:

146| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |146 "Windows-only native sandbox mode when running Codex natively on Windows.",

147| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |147 },

148| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |148 {

149| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |149 key: "windows.sandbox_private_desktop",

150| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |150 type: "boolean",

151| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |151 description:

152| `otel.exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP exporter. |152 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",

153| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |153 },

154| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |154 {

155| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |155 key: "notify",

156| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |156 type: "array<string>",

157| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |157 description:

158| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |158 "Command invoked for notifications; receives a JSON payload from Codex.",

159| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |159 },

160| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |160 {

161| `otel.trace_exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP trace exporter. |161 key: "check_for_update_on_startup",

162| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |162 type: "boolean",

163| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |163 description:

164| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |164 "Check for Codex updates on startup (set to false only when updates are centrally managed).",

165| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |165 },

166| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |166 {

167| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |167 key: "feedback.enabled",

168| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |168 type: "boolean",

169| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |169 description:

170| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |170 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",

171| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |171 },

172| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |172 {

173| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |173 key: "analytics.enabled",

174| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |174 type: "boolean",

175| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |175 description:

176| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |176 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",

177| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |177 },

178| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |178 {

179| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |179 key: "instructions",

180| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |180 type: "string",

181| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |181 description:

182| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |182 "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.",

183| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |183 },

184| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |184 {

185| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |185 key: "developer_instructions",

186| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |186 type: "string",

187| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |187 description:

188| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |188 "Additional developer instructions injected into the session (optional).",

189| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |189 },

190| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |190 {

191| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |191 key: "log_dir",

192| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |192 type: "string (path)",

193| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |193 description:

194| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |194 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",

195| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |195 },

196| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |196 {

197| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |197 key: "sqlite_home",

198| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |198 type: "string (path)",

199| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |199 description:

200| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |200 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",

201| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |201 },

202| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |202 {

203| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |203 key: "compact_prompt",

204| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |204 type: "string",

205| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |205 description: "Inline override for the history compaction prompt.",

206| `service_tier` | `flex | fast` | Preferred service tier for new turns. |206 },

207| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |207 {

208| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |208 key: "commit_attribution",

209| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |209 type: "string",

210| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |210 description:

211| `shell_environment_policy.inherit` | `all | core | none` | Baseline environment inheritance when spawning subprocesses. |211 "Override the commit co-author trailer text. Set an empty string to disable automatic attribution.",

212| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |212 },

213| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |213 {

214| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |214 key: "model_instructions_file",

215| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |215 type: "string (path)",

216| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |216 description:

217| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |217 "Replacement for built-in instructions instead of `AGENTS.md`.",

218| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |218 },

219| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |219 {

220| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |220 key: "personality",

221| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |221 type: "none | friendly | pragmatic",

222| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |222 description:

223| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |223 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",

224| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |224 },

225| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |225 {

226| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |226 key: "service_tier",

227| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |227 type: "flex | fast",

228| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |228 description: "Preferred service tier for new turns.",

229| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |229 },

230| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |230 {

231| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |231 key: "experimental_compact_prompt_file",

232| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |232 type: "string (path)",

233| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |233 description:

234| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |234 "Load the compaction prompt override from a file (experimental).",

235| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |235 },

236| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |236 {

237| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |237 key: "skills.config",

238 238 type: "array<object>",

239Key239 description: "Per-skill enablement overrides stored in config.toml.",

240 240 },

241`agents.<name>.config_file`241 {

242 242 key: "skills.config.<index>.path",

243Type / Values243 type: "string (path)",

244 244 description: "Path to a skill folder containing `SKILL.md`.",

245`string (path)`245 },

246 246 {

247Details247 key: "skills.config.<index>.enabled",

248 248 type: "boolean",

249Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.249 description: "Enable or disable the referenced skill.",

250 250 },

251Key251 {

252 252 key: "apps.<id>.enabled",

253`agents.<name>.description`253 type: "boolean",

254 254 description:

255Type / Values255 "Enable or disable a specific app/connector by id (default: true).",

256 256 },

257`string`257 {

258 258 key: "apps._default.enabled",

259Details259 type: "boolean",

260 260 description:

261Role guidance shown to Codex when choosing and spawning that agent type.261 "Default app enabled state for all apps unless overridden per app.",

262 262 },

263Key263 {

264 264 key: "apps._default.destructive_enabled",

265`agents.<name>.nickname_candidates`265 type: "boolean",

266 266 description:

267Type / Values267 "Default allow/deny for app tools with `destructive_hint = true`.",

268 268 },

269`array<string>`269 {

270 270 key: "apps._default.open_world_enabled",

271Details271 type: "boolean",

272 272 description:

273Optional pool of display nicknames for spawned agents in that role.273 "Default allow/deny for app tools with `open_world_hint = true`.",

274 274 },

275Key275 {

276 276 key: "apps.<id>.destructive_enabled",

277`agents.job_max_runtime_seconds`277 type: "boolean",

278 278 description:

279Type / Values279 "Allow or block tools in this app that advertise `destructive_hint = true`.",

280 280 },

281`number`281 {

282 282 key: "apps.<id>.open_world_enabled",

283Details283 type: "boolean",

284 284 description:

285Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.285 "Allow or block tools in this app that advertise `open_world_hint = true`.",

286 286 },

287Key287 {

288 288 key: "apps.<id>.default_tools_enabled",

289`agents.max_depth`289 type: "boolean",

290 290 description:

291Type / Values291 "Default enabled state for tools in this app unless a per-tool override exists.",

292 292 },

293`number`293 {

294 294 key: "apps.<id>.default_tools_approval_mode",

295Details295 type: "auto | prompt | approve",

296 296 description:

297Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).297 "Default approval behavior for tools in this app unless a per-tool override exists.",

298 298 },

299Key299 {

300 300 key: "apps.<id>.tools.<tool>.enabled",

301`agents.max_threads`301 type: "boolean",

302 302 description:

303Type / Values303 "Per-tool enabled override for an app tool (for example `repos/list`).",

304 304 },

305`number`305 {

306 306 key: "apps.<id>.tools.<tool>.approval_mode",

307Details307 type: "auto | prompt | approve",

308 308 description: "Per-tool approval behavior override for a single app tool.",

309Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.309 },

310 310 {

311Key311 key: "tool_suggest.discoverables",

312 312 type: "array<table>",

313`allow_login_shell`313 description:

314 314 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

315Type / Values315 },

316 316 {

317`boolean`317 key: "tool_suggest.disabled_tools",

318 318 type: "array<table>",

319Details319 description:

320 320 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

321Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.321 },

322 322 {

323Key323 key: "features.apps",

324 324 type: "boolean",

325`analytics.enabled`325 description: "Enable ChatGPT Apps/connectors support (experimental).",

326 326 },

327Type / Values327 {

328 328 key: "features.codex_hooks",

329`boolean`329 type: "boolean",

330 330 description:

331Details331 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.",

332 332 },

333Enable or disable analytics for this machine/profile. When unset, the client default applies.333 {

334 334 key: "hooks",

335Key335 type: "table",

336 336 description:

337`approval_policy`337 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",

338 338 },

339Type / Values339 {

340 340 key: "features.memories",

341`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`341 type: "boolean",

342 342 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",

343Details343 },

344 344 {

345Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.345 key: "mcp_servers.<id>.command",

346 346 type: "string",

347Key347 description: "Launcher command for an MCP stdio server.",

348 348 },

349`approval_policy.granular.mcp_elicitations`349 {

350 350 key: "mcp_servers.<id>.args",

351Type / Values351 type: "array<string>",

352 352 description: "Arguments passed to the MCP stdio server command.",

353`boolean`353 },

354 354 {

355Details355 key: "mcp_servers.<id>.env",

356 356 type: "map<string,string>",

357When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.357 description: "Environment variables forwarded to the MCP stdio server.",

358 358 },

359Key359 {

360 360 key: "mcp_servers.<id>.env_vars",

361`approval_policy.granular.request_permissions`361 type: 'array<string | { name = string, source = "local" | "remote" }>',

362 362 description:

363Type / Values363 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',

364 364 },

365`boolean`365 {

366 366 key: "mcp_servers.<id>.cwd",

367Details367 type: "string",

368 368 description: "Working directory for the MCP stdio server process.",

369When `true`, prompts from the `request_permissions` tool are allowed to surface.369 },

370 370 {

371Key371 key: "mcp_servers.<id>.url",

372 372 type: "string",

373`approval_policy.granular.rules`373 description: "Endpoint for an MCP streamable HTTP server.",

374 374 },

375Type / Values375 {

376 376 key: "mcp_servers.<id>.bearer_token_env_var",

377`boolean`377 type: "string",

378 378 description:

379Details379 "Environment variable sourcing the bearer token for an MCP HTTP server.",

380 380 },

381When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.381 {

382 382 key: "mcp_servers.<id>.http_headers",

383Key383 type: "map<string,string>",

384 384 description: "Static HTTP headers included with each MCP HTTP request.",

385`approval_policy.granular.sandbox_approval`385 },

386 386 {

387Type / Values387 key: "mcp_servers.<id>.env_http_headers",

388 388 type: "map<string,string>",

389`boolean`389 description:

390 390 "HTTP headers populated from environment variables for an MCP HTTP server.",

391Details391 },

392 392 {

393When `true`, sandbox escalation approval prompts are allowed to surface.393 key: "mcp_servers.<id>.enabled",

394 394 type: "boolean",

395Key395 description: "Disable an MCP server without removing its configuration.",

396 396 },

397`approval_policy.granular.skill_approval`397 {

398 398 key: "mcp_servers.<id>.required",

399Type / Values399 type: "boolean",

400 400 description:

401`boolean`401 "When true, fail startup/resume if this enabled MCP server cannot initialize.",

402 402 },

403Details403 {

404 404 key: "mcp_servers.<id>.startup_timeout_sec",

405When `true`, skill-script approval prompts are allowed to surface.405 type: "number",

406 406 description:

407Key407 "Override the default 10s startup timeout for an MCP server.",

408 408 },

409`approvals_reviewer`409 {

410 410 key: "mcp_servers.<id>.startup_timeout_ms",

411Type / Values411 type: "number",

412 412 description: "Alias for `startup_timeout_sec` in milliseconds.",

413`user | auto_review`413 },

414 414 {

415Details415 key: "mcp_servers.<id>.tool_timeout_sec",

416 416 type: "number",

417Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.417 description:

418 418 "Override the default 60s per-tool timeout for an MCP server.",

419Key419 },

420 420 {

421`apps._default.destructive_enabled`421 key: "mcp_servers.<id>.enabled_tools",

422 422 type: "array<string>",

423Type / Values423 description: "Allow list of tool names exposed by the MCP server.",

424 424 },

425`boolean`425 {

426 426 key: "mcp_servers.<id>.disabled_tools",

427Details427 type: "array<string>",

428 428 description:

429Default allow/deny for app tools with `destructive_hint = true`.429 "Deny list applied after `enabled_tools` for the MCP server.",

430 430 },

431Key431 {

432 432 key: "mcp_servers.<id>.scopes",

433`apps._default.enabled`433 type: "array<string>",

434 434 description:

435Type / Values435 "OAuth scopes to request when authenticating to that MCP server.",

436 436 },

437`boolean`437 {

438 438 key: "mcp_servers.<id>.oauth_resource",

439Details439 type: "string",

440 440 description:

441Default app enabled state for all apps unless overridden per app.441 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",

442 442 },

443Key443 {

444 444 key: "mcp_servers.<id>.experimental_environment",

445`apps._default.open_world_enabled`445 type: "local | remote",

446 446 description:

447Type / Values447 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",

448 448 },

449`boolean`449 {

450 450 key: "agents.max_threads",

451Details451 type: "number",

452 452 description:

453Default allow/deny for app tools with `open_world_hint = true`.453 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",

454 454 },

455Key455 {

456 456 key: "agents.max_depth",

457`apps.<id>.default_tools_approval_mode`457 type: "number",

458 458 description:

459Type / Values459 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",

460 460 },

461`auto | prompt | approve`461 {

462 462 key: "agents.job_max_runtime_seconds",

463Details463 type: "number",

464 464 description:

465Default approval behavior for tools in this app unless a per-tool override exists.465 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",

466 466 },

467Key467 {

468 468 key: "agents.<name>.description",

469`apps.<id>.default_tools_enabled`469 type: "string",

470 470 description:

471Type / Values471 "Role guidance shown to Codex when choosing and spawning that agent type.",

472 472 },

473`boolean`473 {

474 474 key: "agents.<name>.config_file",

475Details475 type: "string (path)",

476 476 description:

477Default enabled state for tools in this app unless a per-tool override exists.477 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",

478 478 },

479Key479 {

480 480 key: "agents.<name>.nickname_candidates",

481`apps.<id>.destructive_enabled`481 type: "array<string>",

482 482 description:

483Type / Values483 "Optional pool of display nicknames for spawned agents in that role.",

484 484 },

485`boolean`485 {

486 486 key: "memories.generate_memories",

487Details487 type: "boolean",

488 488 description:

489Allow or block tools in this app that advertise `destructive_hint = true`.489 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",

490 490 },

491Key491 {

492 492 key: "memories.use_memories",

493`apps.<id>.enabled`493 type: "boolean",

494 494 description:

495Type / Values495 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",

496 496 },

497`boolean`497 {

498 498 key: "memories.disable_on_external_context",

499Details499 type: "boolean",

500 500 description:

501Enable or disable a specific app/connector by id (default: true).501 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",

502 502 },

503Key503 {

504 504 key: "memories.max_raw_memories_for_consolidation",

505`apps.<id>.open_world_enabled`505 type: "number",

506 506 description:

507Type / Values507 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",

508 508 },

509`boolean`509 {

510 510 key: "memories.max_unused_days",

511Details511 type: "number",

512 512 description:

513Allow or block tools in this app that advertise `open_world_hint = true`.513 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",

514 514 },

515Key515 {

516 516 key: "memories.max_rollout_age_days",

517`apps.<id>.tools.<tool>.approval_mode`517 type: "number",

518 518 description:

519Type / Values519 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",

520 520 },

521`auto | prompt | approve`521 {

522 522 key: "memories.max_rollouts_per_startup",

523Details523 type: "number",

524 524 description:

525Per-tool approval behavior override for a single app tool.525 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",

526 526 },

527Key527 {

528 528 key: "memories.min_rollout_idle_hours",

529`apps.<id>.tools.<tool>.enabled`529 type: "number",

530 530 description:

531Type / Values531 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",

532 532 },

533`boolean`533 {

534 534 key: "memories.min_rate_limit_remaining_percent",

535Details535 type: "number",

536 536 description:

537Per-tool enabled override for an app tool (for example `repos/list`).537 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",

538 538 },

539Key539 {

540 540 key: "memories.extract_model",

541`auto_review.policy`541 type: "string",

542 542 description: "Optional model override for per-thread memory extraction.",

543Type / Values543 },

544 544 {

545`string`545 key: "memories.consolidation_model",

546 546 type: "string",

547Details547 description: "Optional model override for global memory consolidation.",

548 548 },

549Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.549 {

550 550 key: "features.unified_exec",

551Key551 type: "boolean",

552 552 description:

553`background_terminal_max_timeout`553 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",

554 554 },

555Type / Values555 {

556 556 key: "features.shell_snapshot",

557`number`557 type: "boolean",

558 558 description:

559Details559 "Snapshot shell environment to speed up repeated commands (stable; on by default).",

560 560 },

561Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.561 {

562 562 key: "features.undo",

563Key563 type: "boolean",

564 564 description: "Enable undo support (stable; off by default).",

565`chatgpt_base_url`565 },

566 566 {

567Type / Values567 key: "features.multi_agent",

568 568 type: "boolean",

569`string`569 description:

570 570 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",

571Details571 },

572 572 {

573Override the base URL used during the ChatGPT login flow.573 key: "features.personality",

574 574 type: "boolean",

575Key575 description:

576 576 "Enable personality selection controls (stable; on by default).",

577`check_for_update_on_startup`577 },

578 578 {

579Type / Values579 key: "features.web_search",

580 580 type: "boolean",

581`boolean`581 description:

582 582 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",

583Details583 },

584 584 {

585Check for Codex updates on startup (set to false only when updates are centrally managed).585 key: "features.web_search_cached",

586 586 type: "boolean",

587Key587 description:

588 588 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',

589`cli_auth_credentials_store`589 },

590 590 {

591Type / Values591 key: "features.web_search_request",

592 592 type: "boolean",

593`file | keyring | auto`593 description:

594 594 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',

595Details595 },

596 596 {

597Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).597 key: "features.shell_tool",

598 598 type: "boolean",

599Key599 description:

600 600 "Enable the default `shell` tool for running commands (stable; on by default).",

601`commit_attribution`601 },

602 602 {

603Type / Values603 key: "features.enable_request_compression",

604 604 type: "boolean",

605`string`605 description:

606 606 "Compress streaming request bodies with zstd when supported (stable; on by default).",

607Details607 },

608 608 {

609Override the commit co-author trailer text. Set an empty string to disable automatic attribution.609 key: "features.skill_mcp_dependency_install",

610 610 type: "boolean",

611Key611 description:

612 612 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",

613`compact_prompt`613 },

614 614 {

615Type / Values615 key: "features.fast_mode",

616 616 type: "boolean",

617`string`617 description:

618 618 'Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).',

619Details619 },

620 620 {

621Inline override for the history compaction prompt.621 key: "features.prevent_idle_sleep",

622 622 type: "boolean",

623Key623 description:

624 624 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",

625`default_permissions`625 },

626 626 {

627Type / Values627 key: "suppress_unstable_features_warning",

628 628 type: "boolean",

629`string`629 description:

630 630 "Suppress the warning that appears when under-development feature flags are enabled.",

631Details631 },

632 632 {

633Name of the default permissions profile to apply to sandboxed tool calls.633 key: "model_providers.<id>",

634 634 type: "table",

635Key635 description:

636 636 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",

637`developer_instructions`637 },

638 638 {

639Type / Values639 key: "model_providers.<id>.name",

640 640 type: "string",

641`string`641 description: "Display name for a custom model provider.",

642 642 },

643Details643 {

644 644 key: "model_providers.<id>.base_url",

645Additional developer instructions injected into the session (optional).645 type: "string",

646 646 description: "API base URL for the model provider.",

647Key647 },

648 648 {

649`disable_paste_burst`649 key: "model_providers.<id>.env_key",

650 650 type: "string",

651Type / Values651 description: "Environment variable supplying the provider API key.",

652 652 },

653`boolean`653 {

654 654 key: "model_providers.<id>.env_key_instructions",

655Details655 type: "string",

656 656 description: "Optional setup guidance for the provider API key.",

657Disable burst-paste detection in the TUI.657 },

658 658 {

659Key659 key: "model_providers.<id>.experimental_bearer_token",

660 660 type: "string",

661`experimental_compact_prompt_file`661 description:

662 662 "Direct bearer token for the provider (discouraged; use `env_key`).",

663Type / Values663 },

664 664 {

665`string (path)`665 key: "model_providers.<id>.requires_openai_auth",

666 666 type: "boolean",

667Details667 description:

668 668 "The provider uses OpenAI authentication (defaults to false).",

669Load the compaction prompt override from a file (experimental).669 },

670 670 {

671Key671 key: "model_providers.<id>.wire_api",

672 672 type: "responses",

673`experimental_use_unified_exec_tool`673 description:

674 674 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",

675Type / Values675 },

676 676 {

677`boolean`677 key: "model_providers.<id>.query_params",

678 678 type: "map<string,string>",

679Details679 description: "Extra query parameters appended to provider requests.",

680 680 },

681Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.681 {

682 682 key: "model_providers.<id>.http_headers",

683Key683 type: "map<string,string>",

684 684 description: "Static HTTP headers added to provider requests.",

685`features.apps`685 },

686 686 {

687Type / Values687 key: "model_providers.<id>.env_http_headers",

688 688 type: "map<string,string>",

689`boolean`689 description:

690 690 "HTTP headers populated from environment variables when present.",

691Details691 },

692 692 {

693Enable ChatGPT Apps/connectors support (experimental).693 key: "model_providers.<id>.request_max_retries",

694 694 type: "number",

695Key695 description:

696 696 "Retry count for HTTP requests to the provider (default: 4).",

697`features.codex_hooks`697 },

698 698 {

699Type / Values699 key: "model_providers.<id>.stream_max_retries",

700 700 type: "number",

701`boolean`701 description: "Retry count for SSE streaming interruptions (default: 5).",

702 702 },

703Details703 {

704 704 key: "model_providers.<id>.stream_idle_timeout_ms",

705Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.705 type: "number",

706 706 description:

707Key707 "Idle timeout for SSE streams in milliseconds (default: 300000).",

708 708 },

709`features.enable_request_compression`709 {

710 710 key: "model_providers.<id>.supports_websockets",

711Type / Values711 type: "boolean",

712 712 description:

713`boolean`713 "Whether that provider supports the Responses API WebSocket transport.",

714 714 },

715Details715 {

716 716 key: "model_providers.<id>.auth",

717Compress streaming request bodies with zstd when supported (stable; on by default).717 type: "table",

718 718 description:

719Key719 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",

720 720 },

721`features.fast_mode`721 {

722 722 key: "model_providers.<id>.auth.command",

723Type / Values723 type: "string",

724 724 description:

725`boolean`725 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",

726 726 },

727Details727 {

728 728 key: "model_providers.<id>.auth.args",

729Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).729 type: "array<string>",

730 730 description: "Arguments passed to the token command.",

731Key731 },

732 732 {

733`features.memories`733 key: "model_providers.<id>.auth.timeout_ms",

734 734 type: "number",

735Type / Values735 description:

736 736 "Maximum token command runtime in milliseconds (default: 5000).",

737`boolean`737 },

738 738 {

739Details739 key: "model_providers.<id>.auth.refresh_interval_ms",

740 740 type: "number",

741Enable [Memories](https://developers.openai.com/codex/memories) (off by default).741 description:

742 742 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",

743Key743 },

744 744 {

745`features.multi_agent`745 key: "model_providers.<id>.auth.cwd",

746 746 type: "string (path)",

747Type / Values747 description: "Working directory for the token command.",

748 748 },

749`boolean`749 {

750 750 key: "model_providers.amazon-bedrock.aws.profile",

751Details751 type: "string",

752 752 description:

753Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).753 "AWS profile name used by the built-in `amazon-bedrock` provider.",

754 754 },

755Key755 {

756 756 key: "model_providers.amazon-bedrock.aws.region",

757`features.personality`757 type: "string",

758 758 description: "AWS region used by the built-in `amazon-bedrock` provider.",

759Type / Values759 },

760 760 {

761`boolean`761 key: "model_reasoning_effort",

762 762 type: "minimal | low | medium | high | xhigh",

763Details763 description:

764 764 "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).",

765Enable personality selection controls (stable; on by default).765 },

766 766 {

767Key767 key: "plan_mode_reasoning_effort",

768 768 type: "none | minimal | low | medium | high | xhigh",

769`features.prevent_idle_sleep`769 description:

770 770 "Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.",

771Type / Values771 },

772 772 {

773`boolean`773 key: "model_reasoning_summary",