76 76
77Use `[[remote_sandbox_config]]` when one managed policy should apply different77Use `[[remote_sandbox_config]]` when one managed policy should apply different
78sandbox requirements on different hosts. For example, you can keep a stricter78sandbox requirements on different hosts. For example, you can keep a stricter
7979default for laptops while allowing workspace writes on matching devboxes or CIdefault for laptops while allowing workspace writes on matching dev boxes or CI
80runners. Host-specific entries currently override `allowed_sandbox_modes` only:80runners. Host-specific entries currently override `allowed_sandbox_modes` only:
81 81
82```toml82```toml
94 94
95The first matching `[[remote_sandbox_config]]` entry wins within the same95The first matching `[[remote_sandbox_config]]` entry wins within the same
96requirements source. If no entry matches, Codex keeps the top-level96requirements source. If no entry matches, Codex keeps the top-level
9797`allowed_sandbox_modes`. Hostname matching is for policy selection only; don't`allowed_sandbox_modes`. Host name matching is for policy selection only; don't
98treat it as authenticated device proof.98treat it as authenticated device proof.
99 99
100You can also constrain web search mode:100You can also constrain web search mode:
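Review bot: Lines 97-98 say the host name match is not authenticated device proof, but the text does not connect that to the entries described earlier, where a matching entry can allow workspace writes that the stricter laptop default does not. Suggest adding one sentence telling administrators to grant in a host-matched entry only the `allowed_sandbox_modes` they would accept on any machine able to present that name.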
106`allowed_web_search_modes = []` allows only `"disabled"`.106`allowed_web_search_modes = []` allows only `"disabled"`.
107For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.107For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.
108 108
109### Configure network access requirements
110
111Use `[experimental_network]` in `requirements.toml` when administrators should
112define network access requirements centrally. These requirements are separate
113from the user `features.network_proxy` toggle: they can configure sandboxed
114networking without that feature flag, but they do not grant command network
115access when the active sandbox keeps networking off.
116
117```toml
118experimental_network.enabled = true
119experimental_network.dangerously_allow_all_unix_sockets = true
120experimental_network.allow_local_binding = true
121experimental_network.allowed_domains = [
122 "api.openai.com",
123 "*.example.com",
124]
125experimental_network.denied_domains = [
126 "blocked.example.com",
127 "*.exfil.example.com",
128]
129```
130
131Use `experimental_network.managed_allowed_domains_only = true` only when you
132also define administrator-owned `allowed_domains` and want that allowlist to be
133exclusive. If it is `true` without managed allow rules, user-added domain allow
134rules do not remain effective.
135
136The domain syntax, local/private destination rules, deny-over-allow behavior,
137and DNS rebinding limitations are the same as the sandboxed networking behavior
138described in [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security#network-isolation).
139
109### Pin feature flags140### Pin feature flags
110 141
111You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) for users142You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) for users
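Review bot: The sample at new lines 119-120 sets `experimental_network.dangerously_allow_all_unix_sockets = true` and `experimental_network.allow_local_binding = true` with no text explaining what either key permits or when an administrator would want it, and this is the block people will copy into a managed `requirements.toml`. Suggest dropping both lines from the sample or adding a sentence on each. Two smaller points in the same section: lines 133-134 describe the case of `managed_allowed_domains_only = true` without managed allow rules only by negation ("do not remain effective"), so state the resulting behavior directly; and the prose names the `[experimental_network]` table while the sample uses dotted keys, so pick one form for both.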
129- `in_app_browser = false` disables the in-app browser pane.160- `in_app_browser = false` disables the in-app browser pane.
130- `browser_use = false` disables Browser Use and Browser Agent availability.161- `browser_use = false` disables Browser Use and Browser Agent availability.
131- `computer_use = false` disables Computer Use availability and related162- `computer_use = false` disables Computer Use availability and related
132163 install or enablement flows. install or setup flows.
133 164
134If omitted, these features are allowed by policy, subject to normal client,165If omitted, these features are allowed by policy, subject to normal client,
135platform, and rollout availability.166platform, and rollout availability.
187directory where your MDM or endpoint-management tooling installs the referenced218directory where your MDM or endpoint-management tooling installs the referenced
188scripts.219scripts.
189 220
221To enforce managed hooks even for users who disabled hooks locally, pin
222`[features].hooks = true` alongside `[hooks]`.
223
190```toml224```toml
191[features]225[features]
192226codex_hooks = truehooks = true
193 227
194[hooks]228[hooks]
195managed_dir = "/enterprise/hooks"229managed_dir = "/enterprise/hooks"
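Review bot: The `[features]` key in the sample changes from `codex_hooks = true` to `hooks = true` at new line 227, but the paragraph added at lines 221-222 does not tell an administrator who already deployed `codex_hooks = true` whether that key is still honored. Because this pin is what keeps managed hooks enforced for users who disabled hooks locally, add a sentence stating whether the old key remains accepted or whether existing managed files need updating.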