config-reference.md Codex Docs, 2026-04-30 18:36 UTC → 2026-05-14 07:00 UTC

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10 

11| Key | Type / Values | Details |11<ConfigTable

12| --- | --- | --- |12 options={[

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13 {

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14 key: "model",

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |15 type: "string",

16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |16 description: "Model to use (e.g., `gpt-5.5`).",

17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17 },

18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |18 {

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19 key: "review_model",

20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |20 type: "string",

21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |21 description:

22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |22 "Optional model override used by `/review` (defaults to the current session model).",

23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |23 },

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |24 {

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |25 key: "model_provider",

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |26 type: "string",

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |27 description: "Provider id from `model_providers` (default: `openai`).",

28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28 },

29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29 {

30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30 key: "openai_base_url",

31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |31 type: "string",

32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |32 description:

33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |33 "Base URL override for the built-in `openai` model provider.",

34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |34 },

35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35 {

36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36 key: "model_context_window",

37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37 type: "number",

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |38 description: "Context window tokens available to the active model.",

39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39 },

40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40 {

41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41 key: "model_auto_compact_token_limit",

42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42 type: "number",

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |43 description:

44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44 "Token threshold that triggers automatic history compaction (unset uses model defaults).",

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |45 },

46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46 {

47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47 key: "model_catalog_json",

48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48 type: "string (path)",

49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49 description:

50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50 "Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.",

51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |51 },

52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |52 {

53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |53 key: "oss_provider",

54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |54 type: "lmstudio | ollama",

55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |55 description:

56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56 "Default local provider used when running with `--oss` (defaults to prompting if unset).",

57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |57 },

58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |58 {

59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59 key: "approval_policy",

60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |60 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",

61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |61 description:

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |62 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",

63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63 },

64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64 {

65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65 key: "approval_policy.granular.sandbox_approval",

66| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |66 type: "boolean",

67| `file_opener` | `vscode | vscode-insiders | windsurf | cursor | none` | URI scheme used to open citations from Codex output (default: `vscode`). |67 description:

68| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |68 "When `true`, sandbox escalation approval prompts are allowed to surface.",

69| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |69 },

70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70 {

71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71 key: "approval_policy.granular.rules",

72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72 type: "boolean",

73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |73 description:

74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",

75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75 },

76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76 {

77| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |77 key: "approval_policy.granular.mcp_elicitations",

78| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |78 type: "boolean",

79| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |79 description:

80| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |80 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",

81| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |81 },

82| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |82 {

83| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |83 key: "approval_policy.granular.request_permissions",

84| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |84 type: "boolean",

85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85 description:

86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",

87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87 },

88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |88 {

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |89 key: "approval_policy.granular.skill_approval",

90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90 type: "boolean",

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |91 description:

92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92 "When `true`, skill-script approval prompts are allowed to surface.",

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |93 },

94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94 {

95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95 key: "approvals_reviewer",

96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96 type: "user | auto_review",

97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97 description:

98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |98 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |99 },

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |100 {

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |101 key: "auto_review.policy",

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |102 type: "string",

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |103 description:

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |104 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |105 },

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |106 {

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |107 key: "allow_login_shell",

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |108 type: "boolean",

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |109 description:

110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",

111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111 },

112| `model_context_window` | `number` | Context window tokens available to the active model. |112 {

113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113 key: "sandbox_mode",

114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114 type: "read-only | workspace-write | danger-full-access",

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |115 description:

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |116 "Sandbox policy for filesystem and network access during command execution.",

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |117 },

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |118 {

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |119 key: "sandbox_workspace_write.writable_roots",

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |120 type: "array<string>",

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |121 description:

122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122 'Additional writable roots when `sandbox_mode = "workspace-write"`.',

123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123 },

124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124 {

125| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |125 key: "sandbox_workspace_write.network_access",

126| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |126 type: "boolean",

127| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |127 description:

128| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |128 "Allow outbound network access inside the workspace-write sandbox.",

129| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |129 },

130| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |130 {

131| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |131 key: "sandbox_workspace_write.exclude_tmpdir_env_var",

132| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |132 type: "boolean",

133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133 description:

134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |134 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",

135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |135 },

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |136 {

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |137 key: "sandbox_workspace_write.exclude_slash_tmp",

138| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |138 type: "boolean",

139| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |139 description:

140| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |140 "Exclude `/tmp` from writable roots in workspace-write mode.",

141| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |141 },

142| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |142 {

143| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |143 key: "windows.sandbox",

144| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |144 type: "unelevated | elevated",

145| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |145 description:

146| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |146 "Windows-only native sandbox mode when running Codex natively on Windows.",

147| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |147 },

148| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |148 {

149| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |149 key: "windows.sandbox_private_desktop",

150| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |150 type: "boolean",

151| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |151 description:

152| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |152 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",

153| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |153 },

154| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |154 {

155| `otel.exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP exporter. |155 key: "notify",

156| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |156 type: "array<string>",

157| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |157 description:

158| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |158 "Command invoked for notifications; receives a JSON payload from Codex.",

159| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |159 },

160| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |160 {

161| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |161 key: "check_for_update_on_startup",

162| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |162 type: "boolean",

163| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |163 description:

164| `otel.trace_exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP trace exporter. |164 "Check for Codex updates on startup (set to false only when updates are centrally managed).",

165| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |165 },

166| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |166 {

167| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |167 key: "feedback.enabled",

168| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |168 type: "boolean",

169| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |169 description:

170| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |170 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",

171| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |171 },

172| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |172 {

173| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |173 key: "analytics.enabled",

174| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |174 type: "boolean",

175| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |175 description:

176| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |176 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",

177| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |177 },

178| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |178 {

179| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |179 key: "instructions",

180| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |180 type: "string",

181| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |181 description:

182| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |182 "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.",

183| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |183 },

184| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |184 {

185| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |185 key: "developer_instructions",

186| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |186 type: "string",

187| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |187 description:

188| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |188 "Additional developer instructions injected into the session (optional).",

189| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |189 },

190| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |190 {

191| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |191 key: "log_dir",

192| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |192 type: "string (path)",

193| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |193 description:

194| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |194 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",

195| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |195 },

196| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |196 {

197| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |197 key: "sqlite_home",

198| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |198 type: "string (path)",

199| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |199 description:

200| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |200 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",

201| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |201 },

202| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |202 {

203| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |203 key: "compact_prompt",

204| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |204 type: "string",

205| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |205 description: "Inline override for the history compaction prompt.",

206| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |206 },

207| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |207 {

208| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |208 key: "commit_attribution",

209| `service_tier` | `flex | fast` | Preferred service tier for new turns. |209 type: "string",

210| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |210 description:

211| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |211 'Commit co-author trailer used when `[features].codex_git_commit` is enabled. Defaults to `Codex <noreply@openai.com>`; set `""` to disable.',

212| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |212 },

213| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |213 {

214| `shell_environment_policy.inherit` | `all | core | none` | Baseline environment inheritance when spawning subprocesses. |214 key: "model_instructions_file",

215| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |215 type: "string (path)",

216| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |216 description:

217| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |217 "Replacement for built-in instructions instead of `AGENTS.md`.",

218| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |218 },

219| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |219 {

220| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |220 key: "personality",

221| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |221 type: "none | friendly | pragmatic",

222| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |222 description:

223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |223 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",

224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |224 },

225| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |225 {

226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |226 key: "service_tier",

227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227 type: "flex | fast",

228| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |228 description: "Preferred service tier for new turns.",

229| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |229 },

230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |230 {

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |231 key: "experimental_compact_prompt_file",

232| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |232 type: "string (path)",

233| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |233 description:

234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |234 "Load the compaction prompt override from a file (experimental).",

235| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |235 },

236| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |236 {

237| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |237 key: "skills.config",

238| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |238 type: "array<object>",

239| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |239 description: "Per-skill enablement overrides stored in config.toml.",

240| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |240 },

241| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |241 {

242| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |242 key: "skills.config.<index>.path",

243| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |243 type: "string (path)",

244 244 description: "Path to a skill folder containing `SKILL.md`.",

245Key245 },

246 246 {

247`agents.<name>.config_file`247 key: "skills.config.<index>.enabled",

248 248 type: "boolean",

249Type / Values249 description: "Enable or disable the referenced skill.",

250 250 },

251`string (path)`251 {

252 252 key: "apps.<id>.enabled",

253Details253 type: "boolean",

254 254 description:

255Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.255 "Enable or disable a specific app/connector by id (default: true).",

256 256 },

257Key257 {

258 258 key: "apps._default.enabled",

259`agents.<name>.description`259 type: "boolean",

260 260 description:

261Type / Values261 "Default app enabled state for all apps unless overridden per app.",

262 262 },

263`string`263 {

264 264 key: "apps._default.destructive_enabled",

265Details265 type: "boolean",

266 266 description:

267Role guidance shown to Codex when choosing and spawning that agent type.267 "Default allow/deny for app tools with `destructive_hint = true`.",

268 268 },

269Key269 {

270 270 key: "apps._default.open_world_enabled",

271`agents.<name>.nickname_candidates`271 type: "boolean",

272 272 description:

273Type / Values273 "Default allow/deny for app tools with `open_world_hint = true`.",

274 274 },

275`array<string>`275 {

276 276 key: "apps.<id>.destructive_enabled",

277Details277 type: "boolean",

278 278 description:

279Optional pool of display nicknames for spawned agents in that role.279 "Allow or block tools in this app that advertise `destructive_hint = true`.",

280 280 },

281Key281 {

282 282 key: "apps.<id>.open_world_enabled",

283`agents.job_max_runtime_seconds`283 type: "boolean",

284 284 description:

285Type / Values285 "Allow or block tools in this app that advertise `open_world_hint = true`.",

286 286 },

287`number`287 {

288 288 key: "apps.<id>.default_tools_enabled",

289Details289 type: "boolean",

290 290 description:

291Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.291 "Default enabled state for tools in this app unless a per-tool override exists.",

292 292 },

293Key293 {

294 294 key: "apps.<id>.default_tools_approval_mode",

295`agents.max_depth`295 type: "auto | prompt | approve",

296 296 description:

297Type / Values297 "Default approval behavior for tools in this app unless a per-tool override exists.",

298 298 },

299`number`299 {

300 300 key: "apps.<id>.tools.<tool>.enabled",

301Details301 type: "boolean",

302 302 description:

303Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).303 "Per-tool enabled override for an app tool (for example `repos/list`).",

304 304 },

305Key305 {

306 306 key: "apps.<id>.tools.<tool>.approval_mode",

307`agents.max_threads`307 type: "auto | prompt | approve",

308 308 description: "Per-tool approval behavior override for a single app tool.",

309Type / Values309 },

310 310 {

311`number`311 key: "tool_suggest.discoverables",

312 312 type: "array<table>",

313Details313 description:

314 314 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

315Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.315 },

316 316 {

317Key317 key: "tool_suggest.disabled_tools",

318 318 type: "array<table>",

319`allow_login_shell`319 description:

320 320 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

321Type / Values321 },

322 322 {

323`boolean`323 key: "features.apps",

324 324 type: "boolean",

325Details325 description: "Enable ChatGPT Apps/connectors support (experimental).",

326 326 },

327Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.327 {

328 328 key: "features.codex_hooks",

329Key329 type: "boolean",

330 330 description:

331`analytics.enabled`331 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.",

332 332 },

333Type / Values333 {

334 334 key: "features.codex_git_commit",

335`boolean`335 type: "boolean",

336 336 description:

337Details337 "Enable Codex-generated git commits. When enabled, Codex uses `commit_attribution` to append a `Co-authored-by:` trailer to generated commit messages.",

338 338 },

339Enable or disable analytics for this machine/profile. When unset, the client default applies.339 {

340 340 key: "hooks",

341Key341 type: "table",

342 342 description:

343`approval_policy`343 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",

344 344 },

345Type / Values345 {

346 346 key: "features.memories",

347`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`347 type: "boolean",

348 348 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",

349Details349 },

350 350 {

351Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.351 key: "mcp_servers.<id>.command",

352 352 type: "string",

353Key353 description: "Launcher command for an MCP stdio server.",

354 354 },

355`approval_policy.granular.mcp_elicitations`355 {

356 356 key: "mcp_servers.<id>.args",

357Type / Values357 type: "array<string>",

358 358 description: "Arguments passed to the MCP stdio server command.",

359`boolean`359 },

360 360 {

361Details361 key: "mcp_servers.<id>.env",

362 362 type: "map<string,string>",

363When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.363 description: "Environment variables forwarded to the MCP stdio server.",

364 364 },

365Key365 {

366 366 key: "mcp_servers.<id>.env_vars",

367`approval_policy.granular.request_permissions`367 type: 'array<string | { name = string, source = "local" | "remote" }>',

368 368 description:

369Type / Values369 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',

370 370 },

371`boolean`371 {

372 372 key: "mcp_servers.<id>.cwd",

373Details373 type: "string",

374 374 description: "Working directory for the MCP stdio server process.",

375When `true`, prompts from the `request_permissions` tool are allowed to surface.375 },

376 376 {

377Key377 key: "mcp_servers.<id>.url",

378 378 type: "string",

379`approval_policy.granular.rules`379 description: "Endpoint for an MCP streamable HTTP server.",

380 380 },

381Type / Values381 {

382 382 key: "mcp_servers.<id>.bearer_token_env_var",

383`boolean`383 type: "string",

384 384 description:

385Details385 "Environment variable sourcing the bearer token for an MCP HTTP server.",

386 386 },

387When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.387 {

388 388 key: "mcp_servers.<id>.http_headers",

389Key389 type: "map<string,string>",

390 390 description: "Static HTTP headers included with each MCP HTTP request.",

391`approval_policy.granular.sandbox_approval`391 },

392 392 {

393Type / Values393 key: "mcp_servers.<id>.env_http_headers",

394 394 type: "map<string,string>",

395`boolean`395 description:

396 396 "HTTP headers populated from environment variables for an MCP HTTP server.",

397Details397 },

398 398 {

399When `true`, sandbox escalation approval prompts are allowed to surface.399 key: "mcp_servers.<id>.enabled",

400 400 type: "boolean",

401Key401 description: "Disable an MCP server without removing its configuration.",

402 402 },

403`approval_policy.granular.skill_approval`403 {

404 404 key: "mcp_servers.<id>.required",

405Type / Values405 type: "boolean",

406 406 description:

407`boolean`407 "When true, fail startup/resume if this enabled MCP server cannot initialize.",

408 408 },

409Details409 {

410 410 key: "mcp_servers.<id>.startup_timeout_sec",

411When `true`, skill-script approval prompts are allowed to surface.411 type: "number",

412 412 description:

413Key413 "Override the default 10s startup timeout for an MCP server.",

414 414 },

415`approvals_reviewer`415 {

416 416 key: "mcp_servers.<id>.startup_timeout_ms",

417Type / Values417 type: "number",

418 418 description: "Alias for `startup_timeout_sec` in milliseconds.",

419`user | auto_review`419 },

420 420 {

421Details421 key: "mcp_servers.<id>.tool_timeout_sec",

422 422 type: "number",

423Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.423 description:

424 424 "Override the default 60s per-tool timeout for an MCP server.",

425Key425 },

426 426 {

427`apps._default.destructive_enabled`427 key: "mcp_servers.<id>.enabled_tools",

428 428 type: "array<string>",

429Type / Values429 description: "Allow list of tool names exposed by the MCP server.",

430 430 },

431`boolean`431 {

432 432 key: "mcp_servers.<id>.disabled_tools",

433Details433 type: "array<string>",

434 434 description:

435Default allow/deny for app tools with `destructive_hint = true`.435 "Deny list applied after `enabled_tools` for the MCP server.",

436 436 },

437Key437 {

438 438 key: "mcp_servers.<id>.scopes",

439`apps._default.enabled`439 type: "array<string>",

440 440 description:

441Type / Values441 "OAuth scopes to request when authenticating to that MCP server.",

442 442 },

443`boolean`443 {

444 444 key: "mcp_servers.<id>.oauth_resource",

445Details445 type: "string",

446 446 description:

447Default app enabled state for all apps unless overridden per app.447 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",

448 448 },

449Key449 {

450 450 key: "mcp_servers.<id>.experimental_environment",

451`apps._default.open_world_enabled`451 type: "local | remote",

452 452 description:

453Type / Values453 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",

454 454 },

455`boolean`455 {

456 456 key: "agents.max_threads",

457Details457 type: "number",

458 458 description:

459Default allow/deny for app tools with `open_world_hint = true`.459 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",

460 460 },

461Key461 {

462 462 key: "agents.max_depth",

463`apps.<id>.default_tools_approval_mode`463 type: "number",

464 464 description:

465Type / Values465 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",

466 466 },

467`auto | prompt | approve`467 {

468 468 key: "agents.job_max_runtime_seconds",

469Details469 type: "number",

470 470 description:

471Default approval behavior for tools in this app unless a per-tool override exists.471 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",

472 472 },

473Key473 {

474 474 key: "agents.<name>.description",

475`apps.<id>.default_tools_enabled`475 type: "string",

476 476 description:

477Type / Values477 "Role guidance shown to Codex when choosing and spawning that agent type.",

478 478 },

479`boolean`479 {

480 480 key: "agents.<name>.config_file",

481Details481 type: "string (path)",

482 482 description:

483Default enabled state for tools in this app unless a per-tool override exists.483 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",

484 484 },

485Key485 {

486 486 key: "agents.<name>.nickname_candidates",

487`apps.<id>.destructive_enabled`487 type: "array<string>",

488 488 description:

489Type / Values489 "Optional pool of display nicknames for spawned agents in that role.",

490 490 },

491`boolean`491 {

492 492 key: "memories.generate_memories",

493Details493 type: "boolean",

494 494 description:

495Allow or block tools in this app that advertise `destructive_hint = true`.495 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",

496 496 },

497Key497 {

498 498 key: "memories.use_memories",

499`apps.<id>.enabled`499 type: "boolean",

500 500 description:

501Type / Values501 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",

502 502 },

503`boolean`503 {

504 504 key: "memories.disable_on_external_context",

505Details505 type: "boolean",

506 506 description:

507Enable or disable a specific app/connector by id (default: true).507 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",

508 508 },

509Key509 {

510 510 key: "memories.max_raw_memories_for_consolidation",

511`apps.<id>.open_world_enabled`511 type: "number",

512 512 description:

513Type / Values513 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",

514 514 },

515`boolean`515 {

516 516 key: "memories.max_unused_days",

517Details517 type: "number",

518 518 description:

519Allow or block tools in this app that advertise `open_world_hint = true`.519 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",

520 520 },

521Key521 {

522 522 key: "memories.max_rollout_age_days",

523`apps.<id>.tools.<tool>.approval_mode`523 type: "number",

524 524 description:

525Type / Values525 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",

526 526 },

527`auto | prompt | approve`527 {

528 528 key: "memories.max_rollouts_per_startup",

529Details529 type: "number",

530 530 description:

531Per-tool approval behavior override for a single app tool.531 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",

532 532 },

533Key533 {

534 534 key: "memories.min_rollout_idle_hours",

535`apps.<id>.tools.<tool>.enabled`535 type: "number",

536 536 description:

537Type / Values537 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",

538 538 },

539`boolean`539 {

540 540 key: "memories.min_rate_limit_remaining_percent",

541Details541 type: "number",

542 542 description:

543Per-tool enabled override for an app tool (for example `repos/list`).543 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",

544 544 },

545Key545 {

546 546 key: "memories.extract_model",

547`auto_review.policy`547 type: "string",

548 548 description: "Optional model override for per-thread memory extraction.",

549Type / Values549 },

550 550 {

551`string`551 key: "memories.consolidation_model",

552 552 type: "string",

553Details553 description: "Optional model override for global memory consolidation.",

554 554 },

555Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.555 {

556 556 key: "features.unified_exec",

557Key557 type: "boolean",

558 558 description:

559`background_terminal_max_timeout`559 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",

560 560 },

561Type / Values561 {

562 562 key: "features.shell_snapshot",

563`number`563 type: "boolean",

564 564 description:

565Details565 "Snapshot shell environment to speed up repeated commands (stable; on by default).",

566 566 },

567Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.567 {

568 568 key: "features.undo",

569Key569 type: "boolean",

570 570 description: "Enable undo support (stable; off by default).",

571`chatgpt_base_url`571 },

572 572 {

573Type / Values573 key: "features.multi_agent",

574 574 type: "boolean",

575`string`575 description:

576 576 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",

577Details577 },

578 578 {

579Override the base URL used during the ChatGPT login flow.579 key: "features.personality",

580 580 type: "boolean",

581Key581 description:

582 582 "Enable personality selection controls (stable; on by default).",

583`check_for_update_on_startup`583 },

584 584 {

585Type / Values585 key: "features.web_search",

586 586 type: "boolean",

587`boolean`587 description:

588 588 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",

589Details589 },

590 590 {

591Check for Codex updates on startup (set to false only when updates are centrally managed).591 key: "features.web_search_cached",

592 592 type: "boolean",

593Key593 description:

594 594 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',

595`cli_auth_credentials_store`595 },

596 596 {

597Type / Values597 key: "features.web_search_request",

598 598 type: "boolean",

599`file | keyring | auto`599 description:

600 600 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',

601Details601 },

602 602 {

603Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).603 key: "features.shell_tool",

604 604 type: "boolean",

605Key605 description:

606 606 "Enable the default `shell` tool for running commands (stable; on by default).",

607`commit_attribution`607 },

608 608 {

609Type / Values609 key: "features.enable_request_compression",

610 610 type: "boolean",

611`string`611 description:

612 612 "Compress streaming request bodies with zstd when supported (stable; on by default).",

613Details613 },

614 614 {

615Override the commit co-author trailer text. Set an empty string to disable automatic attribution.615 key: "features.skill_mcp_dependency_install",

616 616 type: "boolean",

617Key617 description:

618 618 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",

619`compact_prompt`619 },

620 620 {

621Type / Values621 key: "features.fast_mode",

622 622 type: "boolean",

623`string`623 description:

624 624 'Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).',

625Details625 },

626 626 {

627Inline override for the history compaction prompt.627 key: "features.prevent_idle_sleep",

628 628 type: "boolean",

629Key629 description:

630 630 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",

631`default_permissions`631 },

632 632 {

633Type / Values633 key: "suppress_unstable_features_warning",

634 634 type: "boolean",

635`string`635 description:

636 636 "Suppress the warning that appears when under-development feature flags are enabled.",

637Details637 },

638 638 {

639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.639 key: "model_providers.<id>",

640 640 type: "table",

641Key641 description:

642 642 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",

643`developer_instructions`643 },

644 644 {

645Type / Values645 key: "model_providers.<id>.name",

646 646 type: "string",

647`string`647 description: "Display name for a custom model provider.",

648 648 },

649Details649 {

650 650 key: "model_providers.<id>.base_url",

651Additional developer instructions injected into the session (optional).651 type: "string",

652 652 description: "API base URL for the model provider.",

653Key653 },

654 654 {

655`disable_paste_burst`655 key: "model_providers.<id>.env_key",

656 656 type: "string",

657Type / Values657 description: "Environment variable supplying the provider API key.",

658 658 },

659`boolean`659 {

660 660 key: "model_providers.<id>.env_key_instructions",

661Details661 type: "string",

662 662 description: "Optional setup guidance for the provider API key.",

663Disable burst-paste detection in the TUI.663 },

664 664 {

665Key665 key: "model_providers.<id>.experimental_bearer_token",

666 666 type: "string",

667`experimental_compact_prompt_file`667 description:

668 668 "Direct bearer token for the provider (discouraged; use `env_key`).",

669Type / Values669 },

670 670 {

671`string (path)`671 key: "model_providers.<id>.requires_openai_auth",

672 672 type: "boolean",

673Details673 description:

674 674 "The provider uses OpenAI authentication (defaults to false).",

675Load the compaction prompt override from a file (experimental).675 },

676 676 {

677Key677 key: "model_providers.<id>.wire_api",

678 678 type: "responses",

679`experimental_use_unified_exec_tool`679 description:

680 680 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",

681Type / Values681 },

682 682 {

683`boolean`683 key: "model_providers.<id>.query_params",

684 684 type: "map<string,string>",

685Details685 description: "Extra query parameters appended to provider requests.",

686 686 },

687Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.687 {

688 688 key: "model_providers.<id>.http_headers",

689Key689 type: "map<string,string>",

690 690 description: "Static HTTP headers added to provider requests.",

691`features.apps`691 },

692 692 {

693Type / Values693 key: "model_providers.<id>.env_http_headers",

694 694 type: "map<string,string>",

695`boolean`695 description:

696 696 "HTTP headers populated from environment variables when present.",

697Details697 },

698 698 {

699Enable ChatGPT Apps/connectors support (experimental).699 key: "model_providers.<id>.request_max_retries",

700 700 type: "number",

701Key701 description:

702 702 "Retry count for HTTP requests to the provider (default: 4).",

703`features.codex_hooks`703 },

704 704 {

705Type / Values705 key: "model_providers.<id>.stream_max_retries",

706 706 type: "number",

707`boolean`707 description: "Retry count for SSE streaming interruptions (default: 5).",

708 708 },

709Details709 {

710 710 key: "model_providers.<id>.stream_idle_timeout_ms",

711Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.711 type: "number",

712 712 description:

713Key713 "Idle timeout for SSE streams in milliseconds (default: 300000).",

714 714 },

715`features.enable_request_compression`715 {

716 716 key: "model_providers.<id>.supports_websockets",

717Type / Values717 type: "boolean",

718 718 description:

719`boolean`719 "Whether that provider supports the Responses API WebSocket transport.",

720 720 },

721Details721 {

722 722 key: "model_providers.<id>.auth",

723Compress streaming request bodies with zstd when supported (stable; on by default).723 type: "table",

724 724 description:

725Key725 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",

726 726 },

727`features.fast_mode`727 {

728 728 key: "model_providers.<id>.auth.command",

729Type / Values729 type: "string",

730 730 description:

731`boolean`731 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",

732 732 },

733Details733 {

734 734 key: "model_providers.<id>.auth.args",

735Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).735 type: "array<string>",

736 736 description: "Arguments passed to the token command.",

737Key737 },

738 738 {

739`features.memories`739 key: "model_providers.<id>.auth.timeout_ms",

740 740 type: "number",

741Type / Values741 description:

742 742 "Maximum token command runtime in milliseconds (default: 5000).",

743`boolean`743 },

744 744 {

745Details745 key: "model_providers.<id>.auth.refresh_interval_ms",

746 746 type: "number",

747Enable [Memories](https://developers.openai.com/codex/memories) (off by default).747 description:

748 748 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",

749Key749 },

750 750 {

751`features.multi_agent`751 key: "model_providers.<id>.auth.cwd",

752 752 type: "string (path)",

753Type / Values753 description: "Working directory for the token command.",

754 754 },

755`boolean`755 {

756 756 key: "model_providers.amazon-bedrock.aws.profile",

757Details757 type: "string",

758 758 description:

759Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).759 "AWS profile name used by the built-in `amazon-bedrock` provider.",

760 760 },

761Key761 {

762 762 key: "model_providers.amazon-bedrock.aws.region",

763`features.personality`763 type: "string",

764 764 description: "AWS region used by the built-in `amazon-bedrock` provider.",

765Type / Values765 },

766 766 {