
Use `[[remote_sandbox_config]]` when one managed policy should apply different
sandbox requirements on different hosts. For example, you can keep a stricter
default for laptops while allowing workspace writes on matching dev boxes or CI
runners. Host-specific entries currently override `allowed_sandbox_modes` only:

```toml
```

The first matching `[[remote_sandbox_config]]` entry wins within the same
requirements source. If no entry matches, Codex keeps the top-level
`allowed_sandbox_modes`. Host name matching is for policy selection only; don't
treat it as authenticated device proof.

You can also constrain web search mode:

`allowed_web_search_modes = []` allows only `"disabled"`.
For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.
### Configure network access requirements

Use `[experimental_network]` in `requirements.toml` when administrators should
define network access requirements centrally. These requirements are separate
from the user `features.network_proxy` toggle: they can configure sandboxed
networking without that feature flag, but they do not grant command network
access when the active sandbox keeps networking off.

```toml
experimental_network.enabled = true
experimental_network.dangerously_allow_all_unix_sockets = true
experimental_network.allow_local_binding = true
experimental_network.allowed_domains = [
  "api.openai.com",
  "*.example.com",
]
experimental_network.denied_domains = [
  "blocked.example.com",
  "*.exfil.example.com",
]
```

Use `experimental_network.managed_allowed_domains_only = true` only when you
also define administrator-owned `allowed_domains` and want that allowlist to be
exclusive. If it is `true` but no managed allow rules are defined, user-added
domain allow rules stop taking effect.

The domain syntax, local/private destination rules, deny-over-allow behavior,
and DNS rebinding limitations are the same as the sandboxed networking behavior
described in [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security#network-isolation).

### Pin feature flags

You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) for users

Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.

<a id="disable-codex-feature-surfaces"></a>

- `in_app_browser = false` disables the in-app browser pane.
- `browser_use = false` disables Browser Use and Browser Agent availability.
- `computer_use = false` disables Computer Use availability and related
  install or setup flows.

If omitted, these features are allowed by policy, subject to normal client,
platform, and rollout availability.
directory where your MDM or endpoint-management tooling installs the referenced
scripts.

To enforce managed hooks even for users who disabled hooks locally, pin
`[features].hooks = true` alongside `[hooks]`.

```toml
[features]
hooks = true

[hooks]
managed_dir = "/enterprise/hooks"