config-reference.md Codex Docs, 2026-04-29 12:40 UTC → 2026-05-07 17:08 UTC

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10 

11| Key | Type / Values | Details |11<ConfigTable

12| --- | --- | --- |12 options={[

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13 {

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14 key: "model",

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |15 type: "string",

16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |16 description: "Model to use (e.g., `gpt-5.5`).",

17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17 },

18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |18 {

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19 key: "review_model",

20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |20 type: "string",

21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |21 description:

22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |22 "Optional model override used by `/review` (defaults to the current session model).",

23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |23 },

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |24 {

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |25 key: "model_provider",

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |26 type: "string",

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |27 description: "Provider id from `model_providers` (default: `openai`).",

28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28 },

29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29 {

30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30 key: "openai_base_url",

31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |31 type: "string",

32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |32 description:

33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |33 "Base URL override for the built-in `openai` model provider.",

34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |34 },

35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35 {

36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36 key: "model_context_window",

37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37 type: "number",

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |38 description: "Context window tokens available to the active model.",

39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39 },

40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40 {

41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41 key: "model_auto_compact_token_limit",

42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42 type: "number",

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |43 description:

44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44 "Token threshold that triggers automatic history compaction (unset uses model defaults).",

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |45 },

46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46 {

47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47 key: "model_catalog_json",

48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48 type: "string (path)",

49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49 description:

50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50 "Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.",

51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |51 },

52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |52 {

53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |53 key: "oss_provider",

54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |54 type: "lmstudio | ollama",

55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |55 description:

56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56 "Default local provider used when running with `--oss` (defaults to prompting if unset).",

57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |57 },

58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |58 {

59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59 key: "approval_policy",

60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |60 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",

61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |61 description:

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |62 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",

63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63 },

64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64 {

65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65 key: "approval_policy.granular.sandbox_approval",

66| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |66 type: "boolean",

67| `file_opener` | `vscode | vscode-insiders | windsurf | cursor | none` | URI scheme used to open citations from Codex output (default: `vscode`). |67 description:

68| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |68 "When `true`, sandbox escalation approval prompts are allowed to surface.",

69| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |69 },

70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70 {

71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71 key: "approval_policy.granular.rules",

72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72 type: "boolean",

73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |73 description:

74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",

75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75 },

76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76 {

77| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |77 key: "approval_policy.granular.mcp_elicitations",

78| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |78 type: "boolean",

79| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |79 description:

80| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |80 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",

81| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |81 },

82| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |82 {

83| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |83 key: "approval_policy.granular.request_permissions",

84| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |84 type: "boolean",

85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85 description:

86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",

87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87 },

88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |88 {

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |89 key: "approval_policy.granular.skill_approval",

90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90 type: "boolean",

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |91 description:

92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92 "When `true`, skill-script approval prompts are allowed to surface.",

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |93 },

94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94 {

95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95 key: "approvals_reviewer",

96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96 type: "user | auto_review",

97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97 description:

98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |98 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |99 },

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |100 {

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |101 key: "auto_review.policy",

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |102 type: "string",

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |103 description:

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |104 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |105 },

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |106 {

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |107 key: "allow_login_shell",

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |108 type: "boolean",

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |109 description:

110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",

111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111 },

112| `model_context_window` | `number` | Context window tokens available to the active model. |112 {

113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113 key: "sandbox_mode",

114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114 type: "read-only | workspace-write | danger-full-access",

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |115 description:

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |116 "Sandbox policy for filesystem and network access during command execution.",

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |117 },

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |118 {

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |119 key: "sandbox_workspace_write.writable_roots",

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |120 type: "array<string>",

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |121 description:

122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122 'Additional writable roots when `sandbox_mode = "workspace-write"`.',

123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123 },

124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124 {

125| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |125 key: "sandbox_workspace_write.network_access",

126| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |126 type: "boolean",

127| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |127 description:

128| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |128 "Allow outbound network access inside the workspace-write sandbox.",

129| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |129 },

130| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |130 {

131| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |131 key: "sandbox_workspace_write.exclude_tmpdir_env_var",

132| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |132 type: "boolean",

133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133 description:

134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |134 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",

135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |135 },

136| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |136 {

137| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |137 key: "sandbox_workspace_write.exclude_slash_tmp",

138| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |138 type: "boolean",

139| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |139 description:

140| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |140 "Exclude `/tmp` from writable roots in workspace-write mode.",

141| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |141 },

142| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |142 {

143| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |143 key: "windows.sandbox",

144| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |144 type: "unelevated | elevated",

145| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |145 description:

146| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |146 "Windows-only native sandbox mode when running Codex natively on Windows.",

147| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |147 },

148| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |148 {

149| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |149 key: "windows.sandbox_private_desktop",

150| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |150 type: "boolean",

151| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |151 description:

152| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |152 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",

153| `otel.exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP exporter. |153 },

154| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |154 {

155| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |155 key: "notify",

156| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |156 type: "array<string>",

157| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |157 description:

158| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |158 "Command invoked for notifications; receives a JSON payload from Codex.",

159| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |159 },

160| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |160 {

161| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |161 key: "check_for_update_on_startup",

162| `otel.trace_exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP trace exporter. |162 type: "boolean",

163| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |163 description:

164| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |164 "Check for Codex updates on startup (set to false only when updates are centrally managed).",

165| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |165 },

166| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |166 {

167| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |167 key: "feedback.enabled",

168| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |168 type: "boolean",

169| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |169 description:

170| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |170 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",

171| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |171 },

172| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |172 {

173| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |173 key: "analytics.enabled",

174| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |174 type: "boolean",

175| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |175 description:

176| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |176 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",

177| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |177 },

178| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |178 {

179| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |179 key: "instructions",

180| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |180 type: "string",

181| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |181 description:

182| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |182 "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.",

183| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |183 },

184| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |184 {

185| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |185 key: "developer_instructions",

186| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |186 type: "string",

187| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |187 description:

188| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |188 "Additional developer instructions injected into the session (optional).",

189| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |189 },

190| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |190 {

191| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |191 key: "log_dir",

192| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |192 type: "string (path)",

193| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |193 description:

194| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |194 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",

195| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |195 },

196| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |196 {

197| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |197 key: "sqlite_home",

198| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |198 type: "string (path)",

199| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |199 description:

200| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |200 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",

201| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |201 },

202| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |202 {

203| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |203 key: "compact_prompt",

204| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |204 type: "string",

205| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |205 description: "Inline override for the history compaction prompt.",

206| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |206 },

207| `service_tier` | `flex | fast` | Preferred service tier for new turns. |207 {

208| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |208 key: "commit_attribution",

209| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |209 type: "string",

210| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |210 description:

211| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |211 "Override the commit co-author trailer text. Set an empty string to disable automatic attribution.",

212| `shell_environment_policy.inherit` | `all | core | none` | Baseline environment inheritance when spawning subprocesses. |212 },

213| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |213 {

214| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |214 key: "model_instructions_file",

215| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |215 type: "string (path)",

216| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |216 description:

217| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |217 "Replacement for built-in instructions instead of `AGENTS.md`.",

218| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |218 },

219| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |219 {

220| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |220 key: "personality",

221| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |221 type: "none | friendly | pragmatic",

222| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |222 description:

223| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |223 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",

224| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |224 },

225| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |225 {

226| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |226 key: "service_tier",

227| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |227 type: "flex | fast",

228| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |228 description: "Preferred service tier for new turns.",

229| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |229 },

230| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |230 {

231| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |231 key: "experimental_compact_prompt_file",

232| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |232 type: "string (path)",

233| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |233 description:

234| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |234 "Load the compaction prompt override from a file (experimental).",

235| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |235 },

236| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |236 {

237| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |237 key: "skills.config",

238| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |238 type: "array<object>",

239 239 description: "Per-skill enablement overrides stored in config.toml.",

240Key240 },

241 241 {

242`agents.<name>.config_file`242 key: "skills.config.<index>.path",

243 243 type: "string (path)",

244Type / Values244 description: "Path to a skill folder containing `SKILL.md`.",

245 245 },

246`string (path)`246 {

247 247 key: "skills.config.<index>.enabled",

248Details248 type: "boolean",

249 249 description: "Enable or disable the referenced skill.",

250Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.250 },

251 251 {

252Key252 key: "apps.<id>.enabled",

253 253 type: "boolean",

254`agents.<name>.description`254 description:

255 255 "Enable or disable a specific app/connector by id (default: true).",

256Type / Values256 },

257 257 {

258`string`258 key: "apps._default.enabled",

259 259 type: "boolean",

260Details260 description:

261 261 "Default app enabled state for all apps unless overridden per app.",

262Role guidance shown to Codex when choosing and spawning that agent type.262 },

263 263 {

264Key264 key: "apps._default.destructive_enabled",

265 265 type: "boolean",

266`agents.<name>.nickname_candidates`266 description:

267 267 "Default allow/deny for app tools with `destructive_hint = true`.",

268Type / Values268 },

269 269 {

270`array<string>`270 key: "apps._default.open_world_enabled",

271 271 type: "boolean",

272Details272 description:

273 273 "Default allow/deny for app tools with `open_world_hint = true`.",

274Optional pool of display nicknames for spawned agents in that role.274 },

275 275 {

276Key276 key: "apps.<id>.destructive_enabled",

277 277 type: "boolean",

278`agents.job_max_runtime_seconds`278 description:

279 279 "Allow or block tools in this app that advertise `destructive_hint = true`.",

280Type / Values280 },

281 281 {

282`number`282 key: "apps.<id>.open_world_enabled",

283 283 type: "boolean",

284Details284 description:

285 285 "Allow or block tools in this app that advertise `open_world_hint = true`.",

286Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.286 },

287 287 {

288Key288 key: "apps.<id>.default_tools_enabled",

289 289 type: "boolean",

290`agents.max_depth`290 description:

291 291 "Default enabled state for tools in this app unless a per-tool override exists.",

292Type / Values292 },

293 293 {

294`number`294 key: "apps.<id>.default_tools_approval_mode",

295 295 type: "auto | prompt | approve",

296Details296 description:

297 297 "Default approval behavior for tools in this app unless a per-tool override exists.",

298Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).298 },

299 299 {

300Key300 key: "apps.<id>.tools.<tool>.enabled",

301 301 type: "boolean",

302`agents.max_threads`302 description:

303 303 "Per-tool enabled override for an app tool (for example `repos/list`).",

304Type / Values304 },

305 305 {

306`number`306 key: "apps.<id>.tools.<tool>.approval_mode",

307 307 type: "auto | prompt | approve",

308Details308 description: "Per-tool approval behavior override for a single app tool.",

309 309 },

310Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.310 {

311 311 key: "tool_suggest.discoverables",

312Key312 type: "array<table>",

313 313 description:

314`allow_login_shell`314 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

315 315 },

316Type / Values316 {

317 317 key: "tool_suggest.disabled_tools",

318`boolean`318 type: "array<table>",

319 319 description:

320Details320 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

321 321 },

322Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.322 {

323 323 key: "features.apps",

324Key324 type: "boolean",

325 325 description: "Enable ChatGPT Apps/connectors support (experimental).",

326`analytics.enabled`326 },

327 327 {

328Type / Values328 key: "features.codex_hooks",

329 329 type: "boolean",

330`boolean`330 description:

331 331 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.",

332Details332 },

333 333 {

334Enable or disable analytics for this machine/profile. When unset, the client default applies.334 key: "hooks",

335 335 type: "table",

336Key336 description:

337 337 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",

338`approval_policy`338 },

339 339 {

340Type / Values340 key: "features.memories",

341 341 type: "boolean",

342`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`342 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",

343 343 },

344Details344 {

345 345 key: "mcp_servers.<id>.command",

346Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.346 type: "string",

347 347 description: "Launcher command for an MCP stdio server.",

348Key348 },

349 349 {

350`approval_policy.granular.mcp_elicitations`350 key: "mcp_servers.<id>.args",

351 351 type: "array<string>",

352Type / Values352 description: "Arguments passed to the MCP stdio server command.",

353 353 },

354`boolean`354 {

355 355 key: "mcp_servers.<id>.env",

356Details356 type: "map<string,string>",

357 357 description: "Environment variables forwarded to the MCP stdio server.",

358When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.358 },

359 359 {

360Key360 key: "mcp_servers.<id>.env_vars",

361 361 type: 'array<string | { name = string, source = "local" | "remote" }>',

362`approval_policy.granular.request_permissions`362 description:

363 363 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',

364Type / Values364 },

365 365 {

366`boolean`366 key: "mcp_servers.<id>.cwd",

367 367 type: "string",

368Details368 description: "Working directory for the MCP stdio server process.",

369 369 },

370When `true`, prompts from the `request_permissions` tool are allowed to surface.370 {

371 371 key: "mcp_servers.<id>.url",

372Key372 type: "string",

373 373 description: "Endpoint for an MCP streamable HTTP server.",

374`approval_policy.granular.rules`374 },

375 375 {

376Type / Values376 key: "mcp_servers.<id>.bearer_token_env_var",

377 377 type: "string",

378`boolean`378 description:

379 379 "Environment variable sourcing the bearer token for an MCP HTTP server.",

380Details380 },

381 381 {

382When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.382 key: "mcp_servers.<id>.http_headers",

383 383 type: "map<string,string>",

384Key384 description: "Static HTTP headers included with each MCP HTTP request.",

385 385 },

386`approval_policy.granular.sandbox_approval`386 {

387 387 key: "mcp_servers.<id>.env_http_headers",

388Type / Values388 type: "map<string,string>",

389 389 description:

390`boolean`390 "HTTP headers populated from environment variables for an MCP HTTP server.",

391 391 },

392Details392 {

393 393 key: "mcp_servers.<id>.enabled",

394When `true`, sandbox escalation approval prompts are allowed to surface.394 type: "boolean",

395 395 description: "Disable an MCP server without removing its configuration.",

396Key396 },

397 397 {

398`approval_policy.granular.skill_approval`398 key: "mcp_servers.<id>.required",

399 399 type: "boolean",

400Type / Values400 description:

401 401 "When true, fail startup/resume if this enabled MCP server cannot initialize.",

402`boolean`402 },

403 403 {

404Details404 key: "mcp_servers.<id>.startup_timeout_sec",

405 405 type: "number",

406When `true`, skill-script approval prompts are allowed to surface.406 description:

407 407 "Override the default 10s startup timeout for an MCP server.",

408Key408 },

409 409 {

410`approvals_reviewer`410 key: "mcp_servers.<id>.startup_timeout_ms",

411 411 type: "number",

412Type / Values412 description: "Alias for `startup_timeout_sec` in milliseconds.",

413 413 },

414`user | auto_review`414 {

415 415 key: "mcp_servers.<id>.tool_timeout_sec",

416Details416 type: "number",

417 417 description:

418Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.418 "Override the default 60s per-tool timeout for an MCP server.",

419 419 },

420Key420 {

421 421 key: "mcp_servers.<id>.enabled_tools",

422`apps._default.destructive_enabled`422 type: "array<string>",

423 423 description: "Allow list of tool names exposed by the MCP server.",

424Type / Values424 },

425 425 {

426`boolean`426 key: "mcp_servers.<id>.disabled_tools",

427 427 type: "array<string>",

428Details428 description:

429 429 "Deny list applied after `enabled_tools` for the MCP server.",

430Default allow/deny for app tools with `destructive_hint = true`.430 },

431 431 {

432Key432 key: "mcp_servers.<id>.scopes",

433 433 type: "array<string>",

434`apps._default.enabled`434 description:

435 435 "OAuth scopes to request when authenticating to that MCP server.",

436Type / Values436 },

437 437 {

438`boolean`438 key: "mcp_servers.<id>.oauth_resource",

439 439 type: "string",

440Details440 description:

441 441 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",

442Default app enabled state for all apps unless overridden per app.442 },

443 443 {

444Key444 key: "mcp_servers.<id>.experimental_environment",

445 445 type: "local | remote",

446`apps._default.open_world_enabled`446 description:

447 447 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",

448Type / Values448 },

449 449 {

450`boolean`450 key: "agents.max_threads",

451 451 type: "number",

452Details452 description:

453 453 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",

454Default allow/deny for app tools with `open_world_hint = true`.454 },

455 455 {

456Key456 key: "agents.max_depth",

457 457 type: "number",

458`apps.<id>.default_tools_approval_mode`458 description:

459 459 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",

460Type / Values460 },

461 461 {

462`auto | prompt | approve`462 key: "agents.job_max_runtime_seconds",

463 463 type: "number",

464Details464 description:

465 465 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",

466Default approval behavior for tools in this app unless a per-tool override exists.466 },

467 467 {

468Key468 key: "agents.<name>.description",

469 469 type: "string",

470`apps.<id>.default_tools_enabled`470 description:

471 471 "Role guidance shown to Codex when choosing and spawning that agent type.",

472Type / Values472 },

473 473 {

474`boolean`474 key: "agents.<name>.config_file",

475 475 type: "string (path)",

476Details476 description:

477 477 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",

478Default enabled state for tools in this app unless a per-tool override exists.478 },

479 479 {

480Key480 key: "agents.<name>.nickname_candidates",

481 481 type: "array<string>",

482`apps.<id>.destructive_enabled`482 description:

483 483 "Optional pool of display nicknames for spawned agents in that role.",

484Type / Values484 },

485 485 {

486`boolean`486 key: "memories.generate_memories",

487 487 type: "boolean",

488Details488 description:

489 489 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",

490Allow or block tools in this app that advertise `destructive_hint = true`.490 },

491 491 {

492Key492 key: "memories.use_memories",

493 493 type: "boolean",

494`apps.<id>.enabled`494 description:

495 495 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",

496Type / Values496 },

497 497 {

498`boolean`498 key: "memories.disable_on_external_context",

499 499 type: "boolean",

500Details500 description:

501 501 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",

502Enable or disable a specific app/connector by id (default: true).502 },

503 503 {

504Key504 key: "memories.max_raw_memories_for_consolidation",

505 505 type: "number",

506`apps.<id>.open_world_enabled`506 description:

507 507 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",

508Type / Values508 },

509 509 {

510`boolean`510 key: "memories.max_unused_days",

511 511 type: "number",

512Details512 description:

513 513 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",

514Allow or block tools in this app that advertise `open_world_hint = true`.514 },

515 515 {

516Key516 key: "memories.max_rollout_age_days",

517 517 type: "number",

518`apps.<id>.tools.<tool>.approval_mode`518 description:

519 519 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",

520Type / Values520 },

521 521 {

522`auto | prompt | approve`522 key: "memories.max_rollouts_per_startup",

523 523 type: "number",

524Details524 description:

525 525 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",

526Per-tool approval behavior override for a single app tool.526 },

527 527 {

528Key528 key: "memories.min_rollout_idle_hours",

529 529 type: "number",

530`apps.<id>.tools.<tool>.enabled`530 description:

531 531 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",

532Type / Values532 },

533 533 {

534`boolean`534 key: "memories.min_rate_limit_remaining_percent",

535 535 type: "number",

536Details536 description:

537 537 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",

538Per-tool enabled override for an app tool (for example `repos/list`).538 },

539 539 {

540Key540 key: "memories.extract_model",

541 541 type: "string",

542`auto_review.policy`542 description: "Optional model override for per-thread memory extraction.",

543 543 },

544Type / Values544 {

545 545 key: "memories.consolidation_model",

546`string`546 type: "string",

547 547 description: "Optional model override for global memory consolidation.",

548Details548 },

549 549 {

550Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.550 key: "features.unified_exec",

551 551 type: "boolean",

552Key552 description:

553 553 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",

554`background_terminal_max_timeout`554 },

555 555 {

556Type / Values556 key: "features.shell_snapshot",

557 557 type: "boolean",

558`number`558 description:

559 559 "Snapshot shell environment to speed up repeated commands (stable; on by default).",

560Details560 },

561 561 {

562Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.562 key: "features.undo",

563 563 type: "boolean",

564Key564 description: "Enable undo support (stable; off by default).",

565 565 },

566`chatgpt_base_url`566 {

567 567 key: "features.multi_agent",

568Type / Values568 type: "boolean",

569 569 description:

570`string`570 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",

571 571 },

572Details572 {

573 573 key: "features.personality",

574Override the base URL used during the ChatGPT login flow.574 type: "boolean",

575 575 description:

576Key576 "Enable personality selection controls (stable; on by default).",

577 577 },

578`check_for_update_on_startup`578 {

579 579 key: "features.web_search",

580Type / Values580 type: "boolean",

581 581 description:

582`boolean`582 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",

583 583 },

584Details584 {

585 585 key: "features.web_search_cached",

586Check for Codex updates on startup (set to false only when updates are centrally managed).586 type: "boolean",

587 587 description:

588Key588 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',

589 589 },

590`cli_auth_credentials_store`590 {

591 591 key: "features.web_search_request",

592Type / Values592 type: "boolean",

593 593 description:

594`file | keyring | auto`594 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',

595 595 },

596Details596 {

597 597 key: "features.shell_tool",

598Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).598 type: "boolean",

599 599 description:

600Key600 "Enable the default `shell` tool for running commands (stable; on by default).",

601 601 },

602`commit_attribution`602 {

603 603 key: "features.enable_request_compression",

604Type / Values604 type: "boolean",

605 605 description:

606`string`606 "Compress streaming request bodies with zstd when supported (stable; on by default).",

607 607 },

608Details608 {

609 609 key: "features.skill_mcp_dependency_install",

610Override the commit co-author trailer text. Set an empty string to disable automatic attribution.610 type: "boolean",

611 611 description:

612Key612 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",

613 613 },

614`compact_prompt`614 {

615 615 key: "features.fast_mode",

616Type / Values616 type: "boolean",

617 617 description:

618`string`618 'Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).',

619 619 },

620Details620 {

621 621 key: "features.prevent_idle_sleep",

622Inline override for the history compaction prompt.622 type: "boolean",

623 623 description:

624Key624 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",

625 625 },

626`default_permissions`626 {

627 627 key: "suppress_unstable_features_warning",

628Type / Values628 type: "boolean",

629 629 description:

630`string`630 "Suppress the warning that appears when under-development feature flags are enabled.",

631 631 },

632Details632 {

633 633 key: "model_providers.<id>",

634Name of the default permissions profile to apply to sandboxed tool calls.634 type: "table",

635 635 description:

636Key636 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",

637 637 },

638`developer_instructions`638 {

639 639 key: "model_providers.<id>.name",

640Type / Values640 type: "string",

641 641 description: "Display name for a custom model provider.",

642`string`642 },

643 643 {

644Details644 key: "model_providers.<id>.base_url",

645 645 type: "string",

646Additional developer instructions injected into the session (optional).646 description: "API base URL for the model provider.",

647 647 },

648Key648 {

649 649 key: "model_providers.<id>.env_key",

650`disable_paste_burst`650 type: "string",

651 651 description: "Environment variable supplying the provider API key.",

652Type / Values652 },

653 653 {

654`boolean`654 key: "model_providers.<id>.env_key_instructions",

655 655 type: "string",

656Details656 description: "Optional setup guidance for the provider API key.",

657 657 },

658Disable burst-paste detection in the TUI.658 {

659 659 key: "model_providers.<id>.experimental_bearer_token",

660Key660 type: "string",

661 661 description:

662`experimental_compact_prompt_file`662 "Direct bearer token for the provider (discouraged; use `env_key`).",

663 663 },

664Type / Values664 {

665 665 key: "model_providers.<id>.requires_openai_auth",

666`string (path)`666 type: "boolean",

667 667 description:

668Details668 "The provider uses OpenAI authentication (defaults to false).",

669 669 },

670Load the compaction prompt override from a file (experimental).670 {

671 671 key: "model_providers.<id>.wire_api",

672Key672 type: "responses",

673 673 description:

674`experimental_use_unified_exec_tool`674 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",

675 675 },

676Type / Values676 {

677 677 key: "model_providers.<id>.query_params",

678`boolean`678 type: "map<string,string>",

679 679 description: "Extra query parameters appended to provider requests.",

680Details680 },

681 681 {

682Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.682 key: "model_providers.<id>.http_headers",

683 683 type: "map<string,string>",

684Key684 description: "Static HTTP headers added to provider requests.",

685 685 },

686`features.apps`686 {

687 687 key: "model_providers.<id>.env_http_headers",

688Type / Values688 type: "map<string,string>",

689 689 description:

690`boolean`690 "HTTP headers populated from environment variables when present.",

691 691 },

692Details692 {

693 693 key: "model_providers.<id>.request_max_retries",

694Enable ChatGPT Apps/connectors support (experimental).694 type: "number",

695 695 description:

696Key696 "Retry count for HTTP requests to the provider (default: 4).",

697 697 },

698`features.codex_hooks`698 {

699 699 key: "model_providers.<id>.stream_max_retries",

700Type / Values700 type: "number",

701 701 description: "Retry count for SSE streaming interruptions (default: 5).",

702`boolean`702 },

703 703 {

704Details704 key: "model_providers.<id>.stream_idle_timeout_ms",

705 705 type: "number",

706Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.706 description:

707 707 "Idle timeout for SSE streams in milliseconds (default: 300000).",

708Key708 },

709 709 {

710`features.enable_request_compression`710 key: "model_providers.<id>.supports_websockets",

711 711 type: "boolean",

712Type / Values712 description:

713 713 "Whether that provider supports the Responses API WebSocket transport.",

714`boolean`714 },

715 715 {

716Details716 key: "model_providers.<id>.auth",

717 717 type: "table",

718Compress streaming request bodies with zstd when supported (stable; on by default).718 description:

719 719 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",

720Key720 },

721 721 {

722`features.fast_mode`722 key: "model_providers.<id>.auth.command",

723 723 type: "string",

724Type / Values724 description:

725 725 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",

726`boolean`726 },

727 727 {

728Details728 key: "model_providers.<id>.auth.args",

729 729 type: "array<string>",

730Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).730 description: "Arguments passed to the token command.",

731 731 },

732Key732 {

733 733 key: "model_providers.<id>.auth.timeout_ms",

734`features.memories`734 type: "number",

735 735 description:

736Type / Values736 "Maximum token command runtime in milliseconds (default: 5000).",

737 737 },

738`boolean`738 {

739 739 key: "model_providers.<id>.auth.refresh_interval_ms",

740Details740 type: "number",

741 741 description:

742Enable [Memories](https://developers.openai.com/codex/memories) (off by default).742 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",

743 743 },

744Key744 {

745 745 key: "model_providers.<id>.auth.cwd",

746`features.multi_agent`746 type: "string (path)",

747 747 description: "Working directory for the token command.",

748Type / Values748 },

749 749 {

750`boolean`750 key: "model_providers.amazon-bedrock.aws.profile",

751 751 type: "string",

752Details752 description:

753 753 "AWS profile name used by the built-in `amazon-bedrock` provider.",

754Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).754 },

755 755 {

756Key756 key: "model_providers.amazon-bedrock.aws.region",

757 757 type: "string",

758`features.personality`758 description: "AWS region used by the built-in `amazon-bedrock` provider.",

759 759 },

760Type / Values760 {

761 761 key: "model_reasoning_effort",

762`boolean`762 type: "minimal | low | medium | high | xhigh",

763 763 description:

764Details764 "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).",

765 765 },

766Enable personality selection controls (stable; on by default).766 {

767 767 key: "plan_mode_reasoning_effort",

768Key768 type: "none | minimal | low | medium | high | xhigh",

769 769 description:

770`features.prevent_idle_sleep`770 "Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.",

771 771 },

772Type / Values772 {

773 773 key: "model_reasoning_summary",

774`boolean`774 type: "auto | concise | detailed | none",

775 775 description:

776Details776 "Select reasoning summary detail or disable summaries entirely.",

777 777 },

778Prevent the machine from sleeping while a turn is actively running (experimental; off by default).778 {

779 779 key: "model_verbosity",

780Key780 type: "low | medium | high",

781 781 description:

782`features.shell_snapshot`782 "Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.",

783 783 },

784Type / Values784 {

785 785 key: "model_supports_reasoning_summaries",

786`boolean`786 type: "boolean",

787 787 description: "Force Codex to send or not send reasoning metadata.",

788Details788 },

789 789 {

790Snapshot shell environment to speed up repeated commands (stable; on by default).790 key: "shell_environment_policy.inherit",

791 791 type: "all | core | none",

792Key792 description:

793 793 "Baseline environment inheritance when spawning subprocesses.",

794`features.shell_tool`794 },

795 795 {

796Type / Values796 key: "shell_environment_policy.ignore_default_excludes",

797 797 type: "boolean",

798`boolean`798 description:

799 799 "Keep variables containing KEY/SECRET/TOKEN before other filters run.",

800Details800 },

801 801 {

802Enable the default `shell` tool for running commands (stable; on by default).802 key: "shell_environment_policy.exclude",

803 803 type: "array<string>",

804Key804 description:

805 805 "Glob patterns for removing environment variables after the defaults.",

806`features.skill_mcp_dependency_install`806 },

807 807 {

808Type / Values808 key: "shell_environment_policy.include_only",

809 809 type: "array<string>",