config-sample.md +82 −20
1# Sample Configuration1# Sample Configuration
2 2
3A complete example config.toml you can copy and adapt
4
5Use this example configuration as a starting point. It includes most keys Codex reads from `config.toml`, along with defaults and short notes.3Use this example configuration as a starting point. It includes most keys Codex reads from `config.toml`, along with defaults and short notes.
6 4
7For explanations and guidance, see:5For explanations and guidance, see:
9- [Config basics](https://developers.openai.com/codex/config-basic)7- [Config basics](https://developers.openai.com/codex/config-basic)
10- [Advanced Config](https://developers.openai.com/codex/config-advanced)8- [Advanced Config](https://developers.openai.com/codex/config-advanced)
11- [Config Reference](https://developers.openai.com/codex/config-reference)9- [Config Reference](https://developers.openai.com/codex/config-reference)
10- [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals)
11- [Managed configuration](https://developers.openai.com/codex/security#managed-configuration)
12 12
13Use the snippet below as a reference. Copy only the keys and sections you need into `~/.codex/config.toml` (or into a project-scoped `.codex/config.toml`), then adjust values for your setup.13Use the snippet below as a reference. Copy only the keys and sections you need into `~/.codex/config.toml` (or into a project-scoped `.codex/config.toml`), then adjust values for your setup.
14 14
49# model_context_window = 128000 # tokens; default: auto for model49# model_context_window = 128000 # tokens; default: auto for model
50# model_auto_compact_token_limit = 0 # tokens; unset uses model defaults50# model_auto_compact_token_limit = 0 # tokens; unset uses model defaults
51# tool_output_token_limit = 10000 # tokens stored per tool output; default: 10000 for gpt-5.2-codex51# tool_output_token_limit = 10000 # tokens stored per tool output; default: 10000 for gpt-5.2-codex
52# model_catalog_json = "/absolute/path/to/models.json" # optional startup-only model catalog override
53# background_terminal_max_timeout = 300000 # ms; max empty write_stdin poll window (default 5m)
52# log_dir = "/absolute/path/to/codex-logs" # directory for Codex logs; default: "$CODEX_HOME/log"54# log_dir = "/absolute/path/to/codex-logs" # directory for Codex logs; default: "$CODEX_HOME/log"
55# sqlite_home = "/absolute/path/to/codex-state" # optional SQLite-backed runtime state directory
53 56
54################################################################################57################################################################################
55# Reasoning & Verbosity (Responses API capable models)58# Reasoning & Verbosity (Responses API capable models)
107# - untrusted: only known-safe read-only commands auto-run; others prompt110# - untrusted: only known-safe read-only commands auto-run; others prompt
108# - on-request: model decides when to ask (default)111# - on-request: model decides when to ask (default)
109# - never: never prompt (risky)112# - never: never prompt (risky)
113# - { reject = { ... } }: auto-reject selected prompt categories
110approval_policy = "on-request"114approval_policy = "on-request"
115# Example granular auto-reject policy:
116# approval_policy = { reject = { sandbox_approval = true, rules = false, mcp_elicitations = false } }
117
118# Allow login-shell semantics for shell-based tools when they request `login = true`.
119# Default: true. Set false to force non-login shells and reject explicit login-shell requests.
120allow_login_shell = true
111 121
112# Filesystem/network sandbox policy for tool calls:122# Filesystem/network sandbox policy for tool calls:
113# - read-only (default)123# - read-only (default)
115# - danger-full-access (no sandbox; extremely risky)125# - danger-full-access (no sandbox; extremely risky)
116sandbox_mode = "read-only"126sandbox_mode = "read-only"
117 127
128[windows]
129# Native Windows sandbox mode (Windows only): unelevated | elevated
130sandbox = "unelevated"
131
118################################################################################132################################################################################
119# Authentication & Login133# Authentication & Login
120################################################################################134################################################################################
138# Optional fixed port for MCP OAuth callback: 1-65535. Default: unset.152# Optional fixed port for MCP OAuth callback: 1-65535. Default: unset.
139# mcp_oauth_callback_port = 4321153# mcp_oauth_callback_port = 4321
140 154
155# Optional redirect URI override for MCP OAuth login (for example, remote devbox ingress).
156# Custom callback paths are supported. `mcp_oauth_callback_port` still controls the listener port.
157# mcp_oauth_callback_url = "https://devbox.example.internal/callback"
158
141################################################################################159################################################################################
142# Project Documentation Controls160# Project Documentation Controls
143################################################################################161################################################################################
194# Active profile name. When unset, no profile is applied.212# Active profile name. When unset, no profile is applied.
195# profile = "default"213# profile = "default"
196 214
215################################################################################
216# Agents (multi-agent roles and limits)
217################################################################################
218
219# [agents]
220# Maximum concurrently open agent threads. Default: 6
221# max_threads = 6
222# Maximum nested spawn depth. Root session starts at depth 0. Default: 1
223# max_depth = 1
224# Default timeout per worker for spawn_agents_on_csv jobs. When unset, the tool defaults to 1800 seconds.
225# job_max_runtime_seconds = 1800
226
227# [agents.reviewer]
228# description = "Find security, correctness, and test risks in code."
229# config_file = "./agents/reviewer.toml" # relative to the config.toml that defines it
230
197################################################################################231################################################################################
198# Skills (per-skill overrides)232# Skills (per-skill overrides)
199################################################################################233################################################################################
200 234
201# Disable or re-enable a specific skill without deleting it.235# Disable or re-enable a specific skill without deleting it.
202[[skills.config]]236[[skills.config]]
203237# path = "/path/to/skill"# path = "/path/to/skill/SKILL.md"
204# enabled = false238# enabled = false
205 239
206################################################################################240################################################################################
276# Control alternate screen usage (auto skips it in Zellij to preserve scrollback).310# Control alternate screen usage (auto skips it in Zellij to preserve scrollback).
277# alternate_screen = "auto"311# alternate_screen = "auto"
278 312
279313# Ordered list of footer status-line item IDs. Default: null (disabled).# Ordered list of footer status-line item IDs. When unset, Codex uses:
314# ["model-with-reasoning", "context-remaining", "current-dir"].
315# Set to [] to hide the footer.
280# status_line = ["model", "context-remaining", "git-branch"]316# status_line = ["model", "context-remaining", "git-branch"]
281 317
318# Syntax-highlighting theme (kebab-case). Use /theme in the TUI to preview and save.
319# You can also add custom .tmTheme files under $CODEX_HOME/themes.
320# theme = "catppuccin-mocha"
321
282# Control whether users can submit feedback from `/feedback`. Default: true322# Control whether users can submit feedback from `/feedback`. Default: true
283[feedback]323[feedback]
284enabled = true324enabled = true
301 341
302[features]342[features]
303# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.343# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.
304344shell_tool = true# shell_tool = true
305# apps = false345# apps = false
306# apps_mcp_gateway = false346# apps_mcp_gateway = false
307# Deprecated legacy toggles; prefer the top-level `web_search` setting.
308# web_search = false
309# web_search_cached = false347# web_search_cached = false
310# web_search_request = false348# web_search_request = false
311349unified_exec = false# unified_exec = false
312350shell_snapshot = false# shell_snapshot = false
313351apply_patch_freeform = false# apply_patch_freeform = false
352# multi_agent = false
314# search_tool = false353# search_tool = false
315# personality = true354# personality = true
316355request_rule = true# request_rule = true
317356collaboration_modes = true# collaboration_modes = true
318357use_linux_sandbox_bwrap = false# use_linux_sandbox_bwrap = false
319358experimental_windows_sandbox = false# remote_models = false
320359elevated_windows_sandbox = false# runtime_metrics = false
321360remote_models = false# powershell_utf8 = true
322361runtime_metrics = false# child_agents_md = false
323powershell_utf8 = true
324child_agents_md = false
325 362
326################################################################################363################################################################################
327# Define MCP servers under this table. Leave empty to disable.364# Define MCP servers under this table. Leave empty to disable.
411# model_verbosity = "medium"448# model_verbosity = "medium"
412# personality = "friendly" # or "pragmatic" or "none"449# personality = "friendly" # or "pragmatic" or "none"
413# chatgpt_base_url = "https://chatgpt.com/backend-api/"450# chatgpt_base_url = "https://chatgpt.com/backend-api/"
451# model_catalog_json = "./models.json"
414# experimental_compact_prompt_file = "./compact_prompt.txt"452# experimental_compact_prompt_file = "./compact_prompt.txt"
415# include_apply_patch_tool = false453# include_apply_patch_tool = false
416# experimental_use_unified_exec_tool = false454# experimental_use_unified_exec_tool = false
424 462
425# Optional per-app controls.463# Optional per-app controls.
426[apps]464[apps]
465# [_default] applies to all apps unless overridden per app.
466# [apps._default]
467# enabled = true
468# destructive_enabled = true
469# open_world_enabled = true
470#
427# [apps.google_drive]471# [apps.google_drive]
428# enabled = false472# enabled = false
429473# disabled_reason = "user" # or "unknown"# destructive_enabled = false # block destructive-hint tools for this app
474# default_tools_enabled = true
475# default_tools_approval_mode = "prompt" # auto | prompt | approve
476#
477# [apps.google_drive.tools."files/delete"]
478# enabled = false
479# approval_mode = "approve"
430 480
431################################################################################481################################################################################
432# Projects (trust levels)482# Projects (trust levels)
477# client-certificate = "/etc/codex/certs/client.pem"527# client-certificate = "/etc/codex/certs/client.pem"
478# client-private-key = "/etc/codex/certs/client-key.pem"528# client-private-key = "/etc/codex/certs/client-key.pem"
479```529```
530
531################################################################################
532
533# Windows
534
535################################################################################
536
537[windows]
538
539# Native Windows sandbox mode (Windows only): unelevated | elevated
540
541sandbox = "unelevated"