config-sample.md +257 −131
7- [Config basics](https://developers.openai.com/codex/config-basic)7- [Config basics](https://developers.openai.com/codex/config-basic)
8- [Advanced Config](https://developers.openai.com/codex/config-advanced)8- [Advanced Config](https://developers.openai.com/codex/config-advanced)
9- [Config Reference](https://developers.openai.com/codex/config-reference)9- [Config Reference](https://developers.openai.com/codex/config-reference)
1010- [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals)- [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals)
1111- [Managed configuration](https://developers.openai.com/codex/security#managed-configuration)- [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration)
12 12
13Use the snippet below as a reference. Copy only the keys and sections you need into `~/.codex/config.toml` (or into a project-scoped `.codex/config.toml`), then adjust values for your setup.13Use the snippet below as a reference. Copy only the keys and sections you need into `~/.codex/config.toml` (or into a project-scoped `.codex/config.toml`), then adjust values for your setup.
14 14
15```toml15```toml
16# Codex example configuration (config.toml)16# Codex example configuration (config.toml)
17#17#
1818# This file lists all keys Codex reads from config.toml, along with default# This file lists the main keys Codex reads from config.toml, along with default
19# behaviors, recommended examples, and concise explanations. Adjust as needed.19# behaviors, recommended examples, and concise explanations. Adjust as needed.
20#20#
21# Notes21# Notes
27# Core Model Selection27# Core Model Selection
28################################################################################28################################################################################
29 29
3030# Primary model used by Codex. Recommended example for most users: "gpt-5.4".# Primary model used by Codex. Recommended example for most users: "gpt-5.5".
3131model = "gpt-5.4"model = "gpt-5.5"
32 32
3333# Default communication style for supported models. Default: "friendly".# Communication style for supported models. Allowed values: none | friendly | pragmatic
3434# Allowed values: none | friendly | pragmatic# personality = "pragmatic"
35# personality = "friendly"
36 35
37# Optional model override for /review. Default: unset (uses current session model).36# Optional model override for /review. Default: unset (uses current session model).
3837# review_model = "gpt-5.4"# review_model = "gpt-5.5"
39 38
40# Provider id selected from [model_providers]. Default: "openai".39# Provider id selected from [model_providers]. Default: "openai".
41model_provider = "openai"40model_provider = "openai"
43# Default OSS provider for --oss sessions. When unset, Codex prompts. Default: unset.42# Default OSS provider for --oss sessions. When unset, Codex prompts. Default: unset.
44# oss_provider = "ollama"43# oss_provider = "ollama"
45 44
4645# Optional manual model metadata. When unset, Codex auto-detects from model.# Preferred service tier. Built-in examples: fast | flex; model catalogs can add more.
4746# Uncomment to force values.# service_tier = "flex"
47
48# Optional manual model metadata. When unset, Codex uses model or preset defaults.
48# model_context_window = 128000 # tokens; default: auto for model49# model_context_window = 128000 # tokens; default: auto for model
4950# model_auto_compact_token_limit = 0 # tokens; unset uses model defaults# model_auto_compact_token_limit = 64000 # tokens; unset uses model defaults
5051# tool_output_token_limit = 10000 # tokens stored per tool output# tool_output_token_limit = 12000 # tokens stored per tool output
51# model_catalog_json = "/absolute/path/to/models.json" # optional startup-only model catalog override52# model_catalog_json = "/absolute/path/to/models.json" # optional startup-only model catalog override
52# background_terminal_max_timeout = 300000 # ms; max empty write_stdin poll window (default 5m)53# background_terminal_max_timeout = 300000 # ms; max empty write_stdin poll window (default 5m)
53# log_dir = "/absolute/path/to/codex-logs" # directory for Codex logs; default: "$CODEX_HOME/log"54# log_dir = "/absolute/path/to/codex-logs" # directory for Codex logs; default: "$CODEX_HOME/log"
57# Reasoning & Verbosity (Responses API capable models)58# Reasoning & Verbosity (Responses API capable models)
58################################################################################59################################################################################
59 60
6061# Reasoning effort: minimal | low | medium | high | xhigh (default: medium; `xhigh` availability is model-dependent)# Reasoning effort: minimal | low | medium | high | xhigh
6162model_reasoning_effort = "medium"# model_reasoning_effort = "medium"
63
64# Optional override used when Codex runs in plan mode: none | minimal | low | medium | high | xhigh
65# plan_mode_reasoning_effort = "high"
62 66
6367# Reasoning summary: auto | concise | detailed | none (default: auto)# Reasoning summary: auto | concise | detailed | none
64# model_reasoning_summary = "auto"68# model_reasoning_summary = "auto"
65 69
6670# Text verbosity for GPT-5 family (Responses API): low | medium | high (default: medium)# Text verbosity for GPT-5 family (Responses API): low | medium | high
67# model_verbosity = "medium"71# model_verbosity = "medium"
68 72
6973# Force enable or disable reasoning summaries for current model# Force enable or disable reasoning summaries for current model.
70# model_supports_reasoning_summaries = true74# model_supports_reasoning_summaries = true
71 75
72################################################################################76################################################################################
76# Additional user instructions are injected before AGENTS.md. Default: unset.80# Additional user instructions are injected before AGENTS.md. Default: unset.
77# developer_instructions = ""81# developer_instructions = ""
78 82
79# (Ignored) Optional legacy base instructions override (prefer AGENTS.md). Default: unset.
80# instructions = ""
81
82# Inline override for the history compaction prompt. Default: unset.83# Inline override for the history compaction prompt. Default: unset.
83# compact_prompt = ""84# compact_prompt = ""
84 85
86# Override the default commit co-author trailer. This only takes effect when
87# [features].codex_git_commit is enabled. When enabled and unset, Codex uses
88# "Codex <noreply@openai.com>". Set to "" to disable it.
89# commit_attribution = "Jane Doe <jane@example.com>"
90
85# Override built-in base instructions with a file path. Default: unset.91# Override built-in base instructions with a file path. Default: unset.
86# model_instructions_file = "/absolute/or/relative/path/to/instructions.txt"92# model_instructions_file = "/absolute/or/relative/path/to/instructions.txt"
87 93
88# Migration note: experimental_instructions_file was renamed to model_instructions_file (deprecated).
89
90# Load the compact prompt override from a file. Default: unset.94# Load the compact prompt override from a file. Default: unset.
91# experimental_compact_prompt_file = "/absolute/or/relative/path/to/compact_prompt.txt"95# experimental_compact_prompt_file = "/absolute/or/relative/path/to/compact_prompt.txt"
92 96
93# Legacy name for apply_patch_freeform. Default: false
94include_apply_patch_tool = false
95
96################################################################################97################################################################################
97# Notifications98# Notifications
98################################################################################99################################################################################
99 100
100# External notifier program (argv array). When unset: disabled.101# External notifier program (argv array). When unset: disabled.
101102# Example: notify = ["notify-send", "Codex"]# notify = ["notify-send", "Codex"]
102notify = [ ]
103 103
104################################################################################104################################################################################
105# Approval & Sandbox105# Approval & Sandbox
109# - untrusted: only known-safe read-only commands auto-run; others prompt109# - untrusted: only known-safe read-only commands auto-run; others prompt
110# - on-request: model decides when to ask (default)110# - on-request: model decides when to ask (default)
111# - never: never prompt (risky)111# - never: never prompt (risky)
112112# - { reject = { ... } }: auto-reject selected prompt categories# - { granular = { ... } }: allow or auto-reject selected prompt categories
113approval_policy = "on-request"113approval_policy = "on-request"
114114# Example granular auto-reject policy:# Who reviews eligible approval prompts: user (default) | auto_review
115115# approval_policy = { reject = { sandbox_approval = true, rules = false, mcp_elicitations = false } }# approvals_reviewer = "user"
116
117# Example granular policy:
118# approval_policy = { granular = {
119# sandbox_approval = true,
120# rules = true,
121# mcp_elicitations = true,
122# request_permissions = false,
123# skill_approval = false
124# } }
116 125
117# Allow login-shell semantics for shell-based tools when they request `login = true`.126# Allow login-shell semantics for shell-based tools when they request `login = true`.
118# Default: true. Set false to force non-login shells and reject explicit login-shell requests.127# Default: true. Set false to force non-login shells and reject explicit login-shell requests.
123# - workspace-write132# - workspace-write
124# - danger-full-access (no sandbox; extremely risky)133# - danger-full-access (no sandbox; extremely risky)
125sandbox_mode = "read-only"134sandbox_mode = "read-only"
135# Named permissions profile to apply by default. Built-ins:
136# :read-only | :workspace | :danger-no-sandbox
137# Use a custom name such as "workspace" only when you also define [permissions.workspace].
138# default_permissions = ":workspace"
126 139
127140[windows]# Example filesystem profile. Use `"none"` to deny reads for exact paths or
128141# Native Windows sandbox mode (Windows only): unelevated | elevated# glob patterns. On platforms that need pre-expanded glob matches, set
129142sandbox = "unelevated"# glob_scan_max_depth when using unbounded patterns such as `**`.
143# [permissions.workspace.filesystem]
144# glob_scan_max_depth = 3
145# ":project_roots" = { "." = "write", "**/*.env" = "none" }
146# "/absolute/path/to/secrets" = "none"
130 147
131################################################################################148################################################################################
132# Authentication & Login149# Authentication & Login
135# Where to persist CLI login credentials: file (default) | keyring | auto152# Where to persist CLI login credentials: file (default) | keyring | auto
136cli_auth_credentials_store = "file"153cli_auth_credentials_store = "file"
137 154
138155# Base URL for ChatGPT auth flow (not OpenAI API). Default:# Base URL for ChatGPT auth flow (not OpenAI API).
139chatgpt_base_url = "https://chatgpt.com/backend-api/"156chatgpt_base_url = "https://chatgpt.com/backend-api/"
140 157
158# Optional base URL override for the built-in OpenAI provider.
159# openai_base_url = "https://us.api.openai.com/v1"
160
141# Restrict ChatGPT login to a specific workspace id. Default: unset.161# Restrict ChatGPT login to a specific workspace id. Default: unset.
142162# forced_chatgpt_workspace_id = ""# forced_chatgpt_workspace_id = "00000000-0000-0000-0000-000000000000"
143 163
144# Force login mechanism when Codex would normally auto-select. Default: unset.164# Force login mechanism when Codex would normally auto-select. Default: unset.
145# Allowed values: chatgpt | api165# Allowed values: chatgpt | api
204# If you use --yolo or another full access sandbox setting, web search defaults to live.222# If you use --yolo or another full access sandbox setting, web search defaults to live.
205web_search = "cached"223web_search = "cached"
206 224
207################################################################################
208# Profiles (named presets)
209################################################################################
210
211# Active profile name. When unset, no profile is applied.225# Active profile name. When unset, no profile is applied.
212# profile = "default"226# profile = "default"
213 227
228# Suppress the warning shown when under-development feature flags are enabled.
229# suppress_unstable_features_warning = true
230
214################################################################################231################################################################################
215# Agents (multi-agent roles and limits)232# Agents (multi-agent roles and limits)
216################################################################################233################################################################################
217 234
218235# [agents][agents]
219# Maximum concurrently open agent threads. Default: 6236# Maximum concurrently open agent threads. Default: 6
220# max_threads = 6237# max_threads = 6
221# Maximum nested spawn depth. Root session starts at depth 0. Default: 1238# Maximum nested spawn depth. Root session starts at depth 0. Default: 1
224# job_max_runtime_seconds = 1800241# job_max_runtime_seconds = 1800
225 242
226# [agents.reviewer]243# [agents.reviewer]
227244# description = "Find security, correctness, and test risks in code."# description = "Find correctness, security, and test risks in code."
228# config_file = "./agents/reviewer.toml" # relative to the config.toml that defines it245# config_file = "./agents/reviewer.toml" # relative to the config.toml that defines it
246# nickname_candidates = ["Athena", "Ada"]
229 247
230################################################################################248################################################################################
231# Skills (per-skill overrides)249# Skills (per-skill overrides)
236# path = "/path/to/skill/SKILL.md"254# path = "/path/to/skill/SKILL.md"
237# enabled = false255# enabled = false
238 256
239################################################################################
240# Experimental toggles (legacy; prefer [features])
241################################################################################
242
243experimental_use_unified_exec_tool = false
244
245# Include apply_patch via freeform editing path (affects default tool set). Default: false
246experimental_use_freeform_apply_patch = false
247
248################################################################################257################################################################################
249# Sandbox settings (tables)258# Sandbox settings (tables)
250################################################################################259################################################################################
267[shell_environment_policy]276[shell_environment_policy]
268# inherit: all (default) | core | none277# inherit: all (default) | core | none
269inherit = "all"278inherit = "all"
270279# Skip default excludes for names containing KEY/SECRET/TOKEN (case-insensitive). Default: true# Skip default excludes for names containing KEY/SECRET/TOKEN (case-insensitive). Default: false
271280ignore_default_excludes = trueignore_default_excludes = false
272# Case-insensitive glob patterns to remove (e.g., "AWS_*", "AZURE_*"). Default: []281# Case-insensitive glob patterns to remove (e.g., "AWS_*", "AZURE_*"). Default: []
273exclude = []282exclude = []
274# Explicit key/value overrides (always win). Default: {}283# Explicit key/value overrides (always win). Default: {}
278# Experimental: run via user shell profile. Default: false287# Experimental: run via user shell profile. Default: false
279experimental_use_profile = false288experimental_use_profile = false
280 289
290################################################################################
291# Sandboxed networking settings
292################################################################################
293
294# Enable the feature before configuring sandboxed networking rules.
295# [features.network_proxy]
296# enabled = true
297# domains = { "api.openai.com" = "allow", "example.com" = "deny" }
298#
299# Exact hosts match only themselves.
300# "*.example.com" matches subdomains only; "**.example.com" matches the apex plus subdomains.
301# "*" allows any public host that is not denied, so prefer scoped rules when possible.
302# `allow_local_binding = false` blocks loopback and private destinations by default.
303# Add an exact local IP literal or `localhost` allow rule for one target, or set it to true only when broader local access is required.
304#
305# Set `default_permissions = "workspace"` before enabling this profile.
306# [permissions.workspace.network]
307# enabled = true
308# proxy_url = "http://127.0.0.1:43128"
309# admin_url = "http://127.0.0.1:43129"
310# enable_socks5 = false
311# socks_url = "http://127.0.0.1:43130"
312# enable_socks5_udp = false
313# allow_upstream_proxy = false
314# dangerously_allow_non_loopback_proxy = false
315# dangerously_allow_non_loopback_admin = false
316# dangerously_allow_all_unix_sockets = false
317# allow_local_binding = false
318#
319# [permissions.workspace.network.domains]
320# "api.openai.com" = "allow"
321# "example.com" = "deny"
322#
323# [permissions.workspace.network.unix_sockets]
324# "/var/run/docker.sock" = "allow"
325
281################################################################################326################################################################################
282# History (table)327# History (table)
283################################################################################328################################################################################
286# save-all (default) | none331# save-all (default) | none
287persistence = "save-all"332persistence = "save-all"
288# Maximum bytes for history file; oldest entries are trimmed when exceeded. Example: 5242880333# Maximum bytes for history file; oldest entries are trimmed when exceeded. Example: 5242880
289334# max_bytes = 0# max_bytes = 5242880
290 335
291################################################################################336################################################################################
292# UI, Notifications, and Misc (tables)337# UI, Notifications, and Misc (tables)
300# Notification mechanism for terminal alerts: auto | osc9 | bel. Default: "auto"345# Notification mechanism for terminal alerts: auto | osc9 | bel. Default: "auto"
301# notification_method = "auto"346# notification_method = "auto"
302 347
348# When notifications fire: unfocused (default) | always
349# notification_condition = "unfocused"
350
303# Enables welcome/status/spinner animations. Default: true351# Enables welcome/status/spinner animations. Default: true
304animations = true352animations = true
305 353
314# Set to [] to hide the footer.362# Set to [] to hide the footer.
315# status_line = ["model", "context-remaining", "git-branch"]363# status_line = ["model", "context-remaining", "git-branch"]
316 364
365# Ordered list of terminal window/tab title item IDs. When unset, Codex uses:
366# ["spinner", "project"]. Set to [] to clear the title.
367# Available IDs include app-name, project, spinner, status, thread, git-branch, model,
368# and task-progress.
369# terminal_title = ["spinner", "project"]
370
317# Syntax-highlighting theme (kebab-case). Use /theme in the TUI to preview and save.371# Syntax-highlighting theme (kebab-case). Use /theme in the TUI to preview and save.
318# You can also add custom .tmTheme files under $CODEX_HOME/themes.372# You can also add custom .tmTheme files under $CODEX_HOME/themes.
319# theme = "catppuccin-mocha"373# theme = "catppuccin-mocha"
320 374
375# Custom key bindings. Context-specific bindings override [tui.keymap.global].
376# Use [] to unbind an action.
377# [tui.keymap.global]
378# open_transcript = "ctrl-t"
379# open_external_editor = []
380#
381# [tui.keymap.composer]
382# submit = ["enter", "ctrl-m"]
383
384# Internal tooltip state keyed by model slug. Usually managed by Codex.
385# [tui.model_availability_nux]
386# "gpt-5.4" = 1
387
388# Enable or disable analytics for this machine. When unset, Codex uses its default behavior.
389[analytics]
390enabled = true
391
321# Control whether users can submit feedback from `/feedback`. Default: true392# Control whether users can submit feedback from `/feedback`. Default: true
322[feedback]393[feedback]
323enabled = true394enabled = true
329# hide_rate_limit_model_nudge = true400# hide_rate_limit_model_nudge = true
330# hide_gpt5_1_migration_prompt = true401# hide_gpt5_1_migration_prompt = true
331# "hide_gpt-5.1-codex-max_migration_prompt" = true402# "hide_gpt-5.1-codex-max_migration_prompt" = true
332403# model_migrations = { "gpt-4.1" = "gpt-5.1" }# model_migrations = { "gpt-5.3-codex" = "gpt-5.4" }
333
334# Suppress the warning shown when under-development feature flags are enabled.
335# suppress_unstable_features_warning = true
336 404
337################################################################################405################################################################################
338# Centralized Feature Flags (preferred)406# Centralized Feature Flags (preferred)
342# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.410# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.
343# shell_tool = true411# shell_tool = true
344# apps = false412# apps = false
345413# apps_mcp_gateway = false# hooks = false
346414# web_search_cached = false# plugin_hooks = false # Default off; set true to opt into plugin-bundled hooks.
347415# web_search_request = false# codex_git_commit = false
348416# unified_exec = false# unified_exec = true
349417# shell_snapshot = false# shell_snapshot = true
350418# apply_patch_freeform = false# multi_agent = true
351# multi_agent = false
352# search_tool = false
353# personality = true419# personality = true
354420# request_rule = true# network_proxy = false
355421# collaboration_modes = true# fast_mode = true
356422# use_linux_sandbox_bwrap = false# enable_request_compression = true
357423# remote_models = false# skill_mcp_dependency_install = true
358424# runtime_metrics = false# prevent_idle_sleep = false
359425# powershell_utf8 = true
360426# child_agents_md = false################################################################################
427# Memories (table)
428################################################################################
429
430# Enable memories with [features].memories, then tune memory behavior here.
431# [memories]
432# generate_memories = true
433# use_memories = true
434# disable_on_external_context = false # legacy alias: no_memories_if_mcp_or_web_search
435
436################################################################################
437# Lifecycle hooks can be configured here inline or in a sibling hooks.json.
438################################################################################
439
440# [hooks]
441# [[hooks.PreToolUse]]
442# matcher = "^Bash$"
443#
444# [[hooks.PreToolUse.hooks]]
445# type = "command"
446# command = 'python3 "/absolute/path/to/pre_tool_use_policy.py"'
447# timeout = 30
448# statusMessage = "Checking Bash command"
361 449
362################################################################################450################################################################################
363# Define MCP servers under this table. Leave empty to disable.451# Define MCP servers under this table. Leave empty to disable.
372# command = "docs-server" # required460# command = "docs-server" # required
373# args = ["--port", "4000"] # optional461# args = ["--port", "4000"] # optional
374# env = { "API_KEY" = "value" } # optional key/value pairs copied as-is462# env = { "API_KEY" = "value" } # optional key/value pairs copied as-is
375463# env_vars = ["ANOTHER_SECRET"] # optional: forward these from the parent env# env_vars = ["ANOTHER_SECRET"] # optional: forward local parent env vars
464# env_vars = ["LOCAL_TOKEN", { name = "REMOTE_TOKEN", source = "remote" }]
376# cwd = "/path/to/server" # optional working directory override465# cwd = "/path/to/server" # optional working directory override
466# experimental_environment = "remote" # experimental: run stdio via a remote executor
377# startup_timeout_sec = 10.0 # optional; default 10.0 seconds467# startup_timeout_sec = 10.0 # optional; default 10.0 seconds
378# # startup_timeout_ms = 10000 # optional alias for startup timeout (milliseconds)468# # startup_timeout_ms = 10000 # optional alias for startup timeout (milliseconds)
379# tool_timeout_sec = 60.0 # optional; default 60.0 seconds469# tool_timeout_sec = 60.0 # optional; default 60.0 seconds
380# enabled_tools = ["search", "summarize"] # optional allow-list470# enabled_tools = ["search", "summarize"] # optional allow-list
381# disabled_tools = ["slow-tool"] # optional deny-list (applied after allow-list)471# disabled_tools = ["slow-tool"] # optional deny-list (applied after allow-list)
472# scopes = ["read:docs"] # optional OAuth scopes
473# oauth_resource = "https://docs.example.com/" # optional OAuth resource
382 474
383# --- Example: Streamable HTTP transport ---475# --- Example: Streamable HTTP transport ---
384# [mcp_servers.github]476# [mcp_servers.github]
391# startup_timeout_sec = 10.0 # optional483# startup_timeout_sec = 10.0 # optional
392# tool_timeout_sec = 60.0 # optional484# tool_timeout_sec = 60.0 # optional
393# enabled_tools = ["list_issues"] # optional allow-list485# enabled_tools = ["list_issues"] # optional allow-list
486# disabled_tools = ["delete_issue"] # optional deny-list
487# scopes = ["repo"] # optional OAuth scopes
394 488
395################################################################################489################################################################################
396# Model Providers490# Model Providers
397################################################################################491################################################################################
398 492
399# Built-ins include:493# Built-ins include:
400494# - openai (Responses API; requires login or OPENAI_API_KEY via auth flow)# - openai
401495# - oss (Chat Completions API; defaults to http://localhost:11434/v1)# - ollama
496# - lmstudio
497# - amazon-bedrock
498# These IDs are reserved. Use a different ID for custom providers.
402 499
403[model_providers]500[model_providers]
404 501
502# --- Example: built-in Amazon Bedrock provider options ---
503# model_provider = "amazon-bedrock"
504# model = "<bedrock-model-id>"
505# [model_providers.amazon-bedrock.aws]
506# profile = "default"
507# region = "eu-central-1"
508
405# --- Example: OpenAI data residency with explicit base URL or headers ---509# --- Example: OpenAI data residency with explicit base URL or headers ---
406# [model_providers.openaidr]510# [model_providers.openaidr]
407# name = "OpenAI Data Residency"511# name = "OpenAI Data Residency"
408# base_url = "https://us.api.openai.com/v1" # example with 'us' domain prefix512# base_url = "https://us.api.openai.com/v1" # example with 'us' domain prefix
409513# wire_api = "responses" # "responses" | "chat" (default varies)# wire_api = "responses" # only supported value
410514# # requires_openai_auth = true # built-in OpenAI defaults to true# # requires_openai_auth = true # use only for providers backed by OpenAI auth
411# # request_max_retries = 4 # default 4; max 100515# # request_max_retries = 4 # default 4; max 100
412# # stream_max_retries = 5 # default 5; max 100516# # stream_max_retries = 5 # default 5; max 100
413# # stream_idle_timeout_ms = 300000 # default 300_000 (5m)517# # stream_idle_timeout_ms = 300000 # default 300_000 (5m)
518# # supports_websockets = true # optional
414# # experimental_bearer_token = "sk-example" # optional dev-only direct bearer token519# # experimental_bearer_token = "sk-example" # optional dev-only direct bearer token
415# # http_headers = { "X-Example" = "value" }520# # http_headers = { "X-Example" = "value" }
416# # env_http_headers = { "OpenAI-Organization" = "OPENAI_ORGANIZATION", "OpenAI-Project" = "OPENAI_PROJECT" }521# # env_http_headers = { "OpenAI-Organization" = "OPENAI_ORGANIZATION", "OpenAI-Project" = "OPENAI_PROJECT" }
417 522
418523# --- Example: Azure (Chat/Responses depending on endpoint) ---# --- Example: Azure/OpenAI-compatible provider ---
419# [model_providers.azure]524# [model_providers.azure]
420# name = "Azure"525# name = "Azure"
421# base_url = "https://YOUR_PROJECT_NAME.openai.azure.com/openai"526# base_url = "https://YOUR_PROJECT_NAME.openai.azure.com/openai"
422527# wire_api = "responses" # or "chat" per endpoint# wire_api = "responses"
423# query_params = { api-version = "2025-04-01-preview" }528# query_params = { api-version = "2025-04-01-preview" }
424# env_key = "AZURE_OPENAI_API_KEY"529# env_key = "AZURE_OPENAI_API_KEY"
425530# # env_key_instructions = "Set AZURE_OPENAI_API_KEY in your environment"# env_key_instructions = "Set AZURE_OPENAI_API_KEY in your environment"
531# # supports_websockets = false
532
533# --- Example: command-backed bearer token auth ---
534# [model_providers.proxy]
535# name = "OpenAI using LLM proxy"
536# base_url = "https://proxy.example.com/v1"
537# wire_api = "responses"
538#
539# [model_providers.proxy.auth]
540# command = "/usr/local/bin/fetch-codex-token"
541# args = ["--audience", "codex"]
542# timeout_ms = 5000
543# refresh_interval_ms = 300000
426 544
427# --- Example: Local OSS (e.g., Ollama-compatible) ---545# --- Example: Local OSS (e.g., Ollama-compatible) ---
428546# [model_providers.ollama]# [model_providers.local_ollama]
429# name = "Ollama"547# name = "Ollama"
430# base_url = "http://localhost:11434/v1"548# base_url = "http://localhost:11434/v1"
431549# wire_api = "chat"# wire_api = "responses"
432
433################################################################################
434# Profiles (named presets)
435################################################################################
436
437[profiles]
438
439# [profiles.default]
440# model = "gpt-5.4"
441# model_provider = "openai"
442# approval_policy = "on-request"
443# sandbox_mode = "read-only"
444# oss_provider = "ollama"
445# model_reasoning_effort = "medium"
446# model_reasoning_summary = "auto"
447# model_verbosity = "medium"
448# personality = "friendly" # or "pragmatic" or "none"
449# chatgpt_base_url = "https://chatgpt.com/backend-api/"
450# model_catalog_json = "./models.json"
451# experimental_compact_prompt_file = "./compact_prompt.txt"
452# include_apply_patch_tool = false
453# experimental_use_unified_exec_tool = false
454# experimental_use_freeform_apply_patch = false
455# tools.web_search = false # deprecated legacy alias; prefer top-level `web_search`
456# features = { unified_exec = false }
457 550
458################################################################################551################################################################################
459# Apps / Connectors552# Apps / Connectors
477# enabled = false570# enabled = false
478# approval_mode = "approve"571# approval_mode = "approve"
479 572
573# Optional tool suggestion allowlist for connectors or plugins Codex can offer to install.
574# [tool_suggest]
575# discoverables = [
576# { type = "connector", id = "gmail" },
577# { type = "plugin", id = "figma@openai-curated" },
578# ]
579# disabled_tools = [
580# { type = "plugin", id = "slack@openai-curated" },
581# { type = "connector", id = "connector_googlecalendar" },
582# ]
583
584################################################################################
585# Profiles (named presets)
586################################################################################
587
588[profiles]
589
590# [profiles.default]
591# model = "gpt-5.4"
592# model_provider = "openai"
593# approval_policy = "on-request"
594# sandbox_mode = "read-only"
595# service_tier = "flex" # or another supported service tier id
596# oss_provider = "ollama"
597# model_reasoning_effort = "medium"
598# plan_mode_reasoning_effort = "high"
599# model_reasoning_summary = "auto"
600# model_verbosity = "medium"
601# personality = "pragmatic" # or "friendly" or "none"
602# chatgpt_base_url = "https://chatgpt.com/backend-api/"
603# model_catalog_json = "./models.json"
604# model_instructions_file = "/absolute/or/relative/path/to/instructions.txt"
605# experimental_compact_prompt_file = "./compact_prompt.txt"
606# tools_view_image = true
607# features = { unified_exec = false }
608
480################################################################################609################################################################################
481# Projects (trust levels)610# Projects (trust levels)
482################################################################################611################################################################################
483 612
484# Mark specific worktrees as trusted or untrusted.
485[projects]613[projects]
614# Mark specific worktrees as trusted or untrusted.
486# [projects."/absolute/path/to/project"]615# [projects."/absolute/path/to/project"]
487# trust_level = "trusted" # or "untrusted"616# trust_level = "trusted" # or "untrusted"
488 617
618################################################################################
619# Tools
620################################################################################
621
622[tools]
623# view_image = true
624
489################################################################################625################################################################################
490# OpenTelemetry (OTEL) - disabled by default626# OpenTelemetry (OTEL) - disabled by default
491################################################################################627################################################################################
499exporter = "none"635exporter = "none"
500# Trace exporter: none (default) | otlp-http | otlp-grpc636# Trace exporter: none (default) | otlp-http | otlp-grpc
501trace_exporter = "none"637trace_exporter = "none"
638# Metrics exporter: none | statsig | otlp-http | otlp-grpc
639metrics_exporter = "statsig"
502 640
503# Example OTLP/HTTP exporter configuration641# Example OTLP/HTTP exporter configuration
504# [otel.exporter."otlp-http"]642# [otel.exporter."otlp-http"]
508# [otel.exporter."otlp-http".headers]646# [otel.exporter."otlp-http".headers]
509# "x-otlp-api-key" = "${OTLP_TOKEN}"647# "x-otlp-api-key" = "${OTLP_TOKEN}"
510 648
511# Example OTLP/gRPC exporter configuration
512# [otel.exporter."otlp-grpc"]
513# endpoint = "https://otel.example.com:4317",
514# headers = { "x-otlp-meta" = "abc123" }
515
516# Example OTLP exporter with mutual TLS
517# [otel.exporter."otlp-http"]
518# endpoint = "https://otel.example.com/v1/logs"
519# protocol = "binary"
520
521# [otel.exporter."otlp-http".headers]
522# "x-otlp-api-key" = "${OTLP_TOKEN}"
523
524# [otel.exporter."otlp-http".tls]649# [otel.exporter."otlp-http".tls]
525# ca-certificate = "certs/otel-ca.pem"650# ca-certificate = "certs/otel-ca.pem"
526# client-certificate = "/etc/codex/certs/client.pem"651# client-certificate = "/etc/codex/certs/client.pem"
527# client-private-key = "/etc/codex/certs/client-key.pem"652# client-private-key = "/etc/codex/certs/client-key.pem"
528```
529 653
530654################################################################################# Example OTLP/gRPC trace exporter configuration
655# [otel.trace_exporter."otlp-grpc"]
656# endpoint = "https://otel.example.com:4317"
657# headers = { "x-otlp-meta" = "abc123" }
531 658
659################################################################################
532# Windows660# Windows
533
534################################################################################661################################################################################
535 662
536[windows]663[windows]
537664 # Native Windows sandbox mode (Windows only): unelevated | elevated
538665# Native Windows sandbox mode (Windows only). The example below uses thesandbox = "unelevated"
539666 ```
540# recommended elevated mode.
541
542sandbox = “elevated”