config-sample.md +129 −19
27# Core Model Selection27# Core Model Selection
28################################################################################28################################################################################
29 29
3030# Primary model used by Codex. Recommended example for most users: "gpt-5.4".# Primary model used by Codex. Recommended example for most users: "gpt-5.5".
3131model = "gpt-5.4"model = "gpt-5.5"
32 32
33# Communication style for supported models. Allowed values: none | friendly | pragmatic33# Communication style for supported models. Allowed values: none | friendly | pragmatic
34# personality = "pragmatic"34# personality = "pragmatic"
35 35
36# Optional model override for /review. Default: unset (uses current session model).36# Optional model override for /review. Default: unset (uses current session model).
3737# review_model = "gpt-5.4"# review_model = "gpt-5.5"
38 38
39# Provider id selected from [model_providers]. Default: "openai".39# Provider id selected from [model_providers]. Default: "openai".
40model_provider = "openai"40model_provider = "openai"
42# Default OSS provider for --oss sessions. When unset, Codex prompts. Default: unset.42# Default OSS provider for --oss sessions. When unset, Codex prompts. Default: unset.
43# oss_provider = "ollama"43# oss_provider = "ollama"
44 44
4545# Preferred service tier. `fast` is honored only when enabled in [features].# Preferred service tier. Built-in examples: fast | flex; model catalogs can add more.
4646# service_tier = "flex" # fast | flex# service_tier = "flex"
47 47
48# Optional manual model metadata. When unset, Codex uses model or preset defaults.48# Optional manual model metadata. When unset, Codex uses model or preset defaults.
49# model_context_window = 128000 # tokens; default: auto for model49# model_context_window = 128000 # tokens; default: auto for model
83# Inline override for the history compaction prompt. Default: unset.83# Inline override for the history compaction prompt. Default: unset.
84# compact_prompt = ""84# compact_prompt = ""
85 85
8686# Override the default commit co-author trailer. Set to "" to disable it.# Override the default commit co-author trailer. This only takes effect when
87# [features].codex_git_commit is enabled. When enabled and unset, Codex uses
88# "Codex <noreply@openai.com>". Set to "" to disable it.
87# commit_attribution = "Jane Doe <jane@example.com>"89# commit_attribution = "Jane Doe <jane@example.com>"
88 90
89# Override built-in base instructions with a file path. Default: unset.91# Override built-in base instructions with a file path. Default: unset.
109# - never: never prompt (risky)111# - never: never prompt (risky)
110# - { granular = { ... } }: allow or auto-reject selected prompt categories112# - { granular = { ... } }: allow or auto-reject selected prompt categories
111approval_policy = "on-request"113approval_policy = "on-request"
114# Who reviews eligible approval prompts: user (default) | auto_review
115# approvals_reviewer = "user"
116
112# Example granular policy:117# Example granular policy:
113# approval_policy = { granular = {118# approval_policy = { granular = {
114# sandbox_approval = true,119# sandbox_approval = true,
127# - workspace-write132# - workspace-write
128# - danger-full-access (no sandbox; extremely risky)133# - danger-full-access (no sandbox; extremely risky)
129sandbox_mode = "read-only"134sandbox_mode = "read-only"
135# Named permissions profile to apply by default. Built-ins:
136# :read-only | :workspace | :danger-no-sandbox
137# Use a custom name such as "workspace" only when you also define [permissions.workspace].
138# default_permissions = ":workspace"
139
140# Example filesystem profile. Use `"none"` to deny reads for exact paths or
141# glob patterns. On platforms that need pre-expanded glob matches, set
142# glob_scan_max_depth when using unbounded patterns such as `**`.
143# [permissions.workspace.filesystem]
144# glob_scan_max_depth = 3
145# ":project_roots" = { "." = "write", "**/*.env" = "none" }
146# "/absolute/path/to/secrets" = "none"
130 147
131################################################################################148################################################################################
132# Authentication & Login149# Authentication & Login
271experimental_use_profile = false288experimental_use_profile = false
272 289
273################################################################################290################################################################################
274291# Managed network proxy settings# Sandboxed networking settings
275################################################################################292################################################################################
276 293
277294[permissions.network]# Enable the feature before configuring sandboxed networking rules.
295# [features.network_proxy]
296# enabled = true
297# domains = { "api.openai.com" = "allow", "example.com" = "deny" }
298#
299# Exact hosts match only themselves.
300# "*.example.com" matches subdomains only; "**.example.com" matches the apex plus subdomains.
301# "*" allows any public host that is not denied, so prefer scoped rules when possible.
302# `allow_local_binding = false` blocks loopback and private destinations by default.
303# Add an exact local IP literal or `localhost` allow rule for one target, or set it to true only when broader local access is required.
304#
305# Set `default_permissions = "workspace"` before enabling this profile.
306# [permissions.workspace.network]
278# enabled = true307# enabled = true
279# proxy_url = "http://127.0.0.1:43128"308# proxy_url = "http://127.0.0.1:43128"
280# admin_url = "http://127.0.0.1:43129"309# admin_url = "http://127.0.0.1:43129"
285# dangerously_allow_non_loopback_proxy = false314# dangerously_allow_non_loopback_proxy = false
286# dangerously_allow_non_loopback_admin = false315# dangerously_allow_non_loopback_admin = false
287# dangerously_allow_all_unix_sockets = false316# dangerously_allow_all_unix_sockets = false
288# mode = "limited" # limited | full
289# allowed_domains = ["api.openai.com"]
290# denied_domains = ["example.com"]
291# allow_unix_sockets = ["/var/run/docker.sock"]
292# allow_local_binding = false317# allow_local_binding = false
318#
319# [permissions.workspace.network.domains]
320# "api.openai.com" = "allow"
321# "example.com" = "deny"
322#
323# [permissions.workspace.network.unix_sockets]
324# "/var/run/docker.sock" = "allow"
293 325
294################################################################################326################################################################################
295# History (table)327# History (table)
313# Notification mechanism for terminal alerts: auto | osc9 | bel. Default: "auto"345# Notification mechanism for terminal alerts: auto | osc9 | bel. Default: "auto"
314# notification_method = "auto"346# notification_method = "auto"
315 347
348# When notifications fire: unfocused (default) | always
349# notification_condition = "unfocused"
350
316# Enables welcome/status/spinner animations. Default: true351# Enables welcome/status/spinner animations. Default: true
317animations = true352animations = true
318 353
327# Set to [] to hide the footer.362# Set to [] to hide the footer.
328# status_line = ["model", "context-remaining", "git-branch"]363# status_line = ["model", "context-remaining", "git-branch"]
329 364
365# Ordered list of terminal window/tab title item IDs. When unset, Codex uses:
366# ["spinner", "project"]. Set to [] to clear the title.
367# Available IDs include app-name, project, spinner, status, thread, git-branch, model,
368# and task-progress.
369# terminal_title = ["spinner", "project"]
370
330# Syntax-highlighting theme (kebab-case). Use /theme in the TUI to preview and save.371# Syntax-highlighting theme (kebab-case). Use /theme in the TUI to preview and save.
331# You can also add custom .tmTheme files under $CODEX_HOME/themes.372# You can also add custom .tmTheme files under $CODEX_HOME/themes.
332# theme = "catppuccin-mocha"373# theme = "catppuccin-mocha"
333 374
375# Custom key bindings. Context-specific bindings override [tui.keymap.global].
376# Use [] to unbind an action.
377# [tui.keymap.global]
378# open_transcript = "ctrl-t"
379# open_external_editor = []
380#
381# [tui.keymap.composer]
382# submit = ["enter", "ctrl-m"]
383
334# Internal tooltip state keyed by model slug. Usually managed by Codex.384# Internal tooltip state keyed by model slug. Usually managed by Codex.
335# [tui.model_availability_nux]385# [tui.model_availability_nux]
336# "gpt-5.4" = 1386# "gpt-5.4" = 1
350# hide_rate_limit_model_nudge = true400# hide_rate_limit_model_nudge = true
351# hide_gpt5_1_migration_prompt = true401# hide_gpt5_1_migration_prompt = true
352# "hide_gpt-5.1-codex-max_migration_prompt" = true402# "hide_gpt-5.1-codex-max_migration_prompt" = true
353403# model_migrations = { "gpt-4.1" = "gpt-5.1" }# model_migrations = { "gpt-5.3-codex" = "gpt-5.4" }
354 404
355################################################################################405################################################################################
356# Centralized Feature Flags (preferred)406# Centralized Feature Flags (preferred)
360# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.410# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.
361# shell_tool = true411# shell_tool = true
362# apps = false412# apps = false
363413# codex_hooks = false# hooks = false
414# plugin_hooks = false # Default off; set true to opt into plugin-bundled hooks.
415# codex_git_commit = false
364# unified_exec = true416# unified_exec = true
365# shell_snapshot = true417# shell_snapshot = true
366# multi_agent = true418# multi_agent = true
367# personality = true419# personality = true
420# network_proxy = false
368# fast_mode = true421# fast_mode = true
369# smart_approvals = false
370# enable_request_compression = true422# enable_request_compression = true
371# skill_mcp_dependency_install = true423# skill_mcp_dependency_install = true
372# prevent_idle_sleep = false424# prevent_idle_sleep = false
373 425
426################################################################################
427# Memories (table)
428################################################################################
429
430# Enable memories with [features].memories, then tune memory behavior here.
431# [memories]
432# generate_memories = true
433# use_memories = true
434# disable_on_external_context = false # legacy alias: no_memories_if_mcp_or_web_search
435
436################################################################################
437# Lifecycle hooks can be configured here inline or in a sibling hooks.json.
438################################################################################
439
440# [hooks]
441# [[hooks.PreToolUse]]
442# matcher = "^Bash$"
443#
444# [[hooks.PreToolUse.hooks]]
445# type = "command"
446# command = 'python3 "/absolute/path/to/pre_tool_use_policy.py"'
447# timeout = 30
448# statusMessage = "Checking Bash command"
449
374################################################################################450################################################################################
375# Define MCP servers under this table. Leave empty to disable.451# Define MCP servers under this table. Leave empty to disable.
376################################################################################452################################################################################
384# command = "docs-server" # required460# command = "docs-server" # required
385# args = ["--port", "4000"] # optional461# args = ["--port", "4000"] # optional
386# env = { "API_KEY" = "value" } # optional key/value pairs copied as-is462# env = { "API_KEY" = "value" } # optional key/value pairs copied as-is
387463# env_vars = ["ANOTHER_SECRET"] # optional: forward these from the parent env# env_vars = ["ANOTHER_SECRET"] # optional: forward local parent env vars
464# env_vars = ["LOCAL_TOKEN", { name = "REMOTE_TOKEN", source = "remote" }]
388# cwd = "/path/to/server" # optional working directory override465# cwd = "/path/to/server" # optional working directory override
466# experimental_environment = "remote" # experimental: run stdio via a remote executor
389# startup_timeout_sec = 10.0 # optional; default 10.0 seconds467# startup_timeout_sec = 10.0 # optional; default 10.0 seconds
390# # startup_timeout_ms = 10000 # optional alias for startup timeout (milliseconds)468# # startup_timeout_ms = 10000 # optional alias for startup timeout (milliseconds)
391# tool_timeout_sec = 60.0 # optional; default 60.0 seconds469# tool_timeout_sec = 60.0 # optional; default 60.0 seconds
416# - openai494# - openai
417# - ollama495# - ollama
418# - lmstudio496# - lmstudio
497# - amazon-bedrock
498# These IDs are reserved. Use a different ID for custom providers.
419 499
420[model_providers]500[model_providers]
421 501
502# --- Example: built-in Amazon Bedrock provider options ---
503# model_provider = "amazon-bedrock"
504# model = "<bedrock-model-id>"
505# [model_providers.amazon-bedrock.aws]
506# profile = "default"
507# region = "eu-central-1"
508
422# --- Example: OpenAI data residency with explicit base URL or headers ---509# --- Example: OpenAI data residency with explicit base URL or headers ---
423# [model_providers.openaidr]510# [model_providers.openaidr]
424# name = "OpenAI Data Residency"511# name = "OpenAI Data Residency"
425# base_url = "https://us.api.openai.com/v1" # example with 'us' domain prefix512# base_url = "https://us.api.openai.com/v1" # example with 'us' domain prefix
426# wire_api = "responses" # only supported value513# wire_api = "responses" # only supported value
427514# # requires_openai_auth = true # built-in OpenAI defaults to true# # requires_openai_auth = true # use only for providers backed by OpenAI auth
428# # request_max_retries = 4 # default 4; max 100515# # request_max_retries = 4 # default 4; max 100
429# # stream_max_retries = 5 # default 5; max 100516# # stream_max_retries = 5 # default 5; max 100
430# # stream_idle_timeout_ms = 300000 # default 300_000 (5m)517# # stream_idle_timeout_ms = 300000 # default 300_000 (5m)
443# env_key_instructions = "Set AZURE_OPENAI_API_KEY in your environment"530# env_key_instructions = "Set AZURE_OPENAI_API_KEY in your environment"
444# # supports_websockets = false531# # supports_websockets = false
445 532
533# --- Example: command-backed bearer token auth ---
534# [model_providers.proxy]
535# name = "OpenAI using LLM proxy"
536# base_url = "https://proxy.example.com/v1"
537# wire_api = "responses"
538#
539# [model_providers.proxy.auth]
540# command = "/usr/local/bin/fetch-codex-token"
541# args = ["--audience", "codex"]
542# timeout_ms = 5000
543# refresh_interval_ms = 300000
544
446# --- Example: Local OSS (e.g., Ollama-compatible) ---545# --- Example: Local OSS (e.g., Ollama-compatible) ---
447546# [model_providers.ollama]# [model_providers.local_ollama]
448# name = "Ollama"547# name = "Ollama"
449# base_url = "http://localhost:11434/v1"548# base_url = "http://localhost:11434/v1"
450# wire_api = "responses"549# wire_api = "responses"
471# enabled = false570# enabled = false
472# approval_mode = "approve"571# approval_mode = "approve"
473 572
573# Optional tool suggestion allowlist for connectors or plugins Codex can offer to install.
574# [tool_suggest]
575# discoverables = [
576# { type = "connector", id = "gmail" },
577# { type = "plugin", id = "figma@openai-curated" },
578# ]
579# disabled_tools = [
580# { type = "plugin", id = "slack@openai-curated" },
581# { type = "connector", id = "connector_googlecalendar" },
582# ]
583
474################################################################################584################################################################################
475# Profiles (named presets)585# Profiles (named presets)
476################################################################################586################################################################################
482# model_provider = "openai"592# model_provider = "openai"
483# approval_policy = "on-request"593# approval_policy = "on-request"
484# sandbox_mode = "read-only"594# sandbox_mode = "read-only"
485595# service_tier = "flex"# service_tier = "flex" # or another supported service tier id
486# oss_provider = "ollama"596# oss_provider = "ollama"
487# model_reasoning_effort = "medium"597# model_reasoning_effort = "medium"
488# plan_mode_reasoning_effort = "high"598# plan_mode_reasoning_effort = "high"