@minniexcode/codex-switch 0.0.6 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.AI.md +5 -2
- package/README.md +12 -6
- package/dist/app/add-provider.js +21 -3
- package/dist/app/edit-provider.js +39 -11
- package/dist/app/get-status.js +8 -1
- package/dist/app/init-codex.js +68 -0
- package/dist/app/list-providers.js +1 -0
- package/dist/app/run-doctor.js +60 -0
- package/dist/app/setup-codex.js +17 -8
- package/dist/app/show-config.js +9 -1
- package/dist/app/switch-provider.js +14 -7
- package/dist/cli/add-interactive.js +4 -2
- package/dist/cli/args.js +3 -0
- package/dist/cli/help.js +3 -0
- package/dist/cli/interactive.js +3 -0
- package/dist/cli/output.js +20 -5
- package/dist/cli/prompt.js +3 -0
- package/dist/cli.js +1 -1
- package/dist/commands/handlers.js +80 -11
- package/dist/commands/help.js +2 -1
- package/dist/commands/registry.js +73 -13
- package/dist/domain/config.js +137 -0
- package/dist/domain/providers.js +16 -2
- package/dist/domain/setup.js +1 -0
- package/dist/infra/backup-repo.js +3 -0
- package/dist/infra/codex-cli.js +3 -0
- package/dist/infra/codex-paths.js +3 -0
- package/dist/infra/fs-utils.js +3 -0
- package/dist/infra/lock-repo.js +3 -0
- package/dist/infra/providers-repo.js +3 -0
- package/dist/interaction/add-interactive.js +9 -18
- package/dist/interaction/interactive.js +84 -11
- package/dist/runtime/codex-probe.js +7 -0
- package/dist/storage/auth-repo.js +160 -0
- package/dist/storage/config-repo.js +58 -0
- package/docs/Design/codex-switch-v0.0.7-design.md +862 -0
- package/docs/PRD/codex-switch-prd-v0.0.5-to-v0.1.0.md +131 -25
- package/docs/Reference/codex-config-reference.md +604 -0
- package/docs/Reference/codex-config-reference.zh-CN.md +633 -0
- package/docs/cli-usage.md +77 -29
- package/docs/test-report-0.0.7.md +118 -0
- package/docs/testing.md +67 -47
- package/package.json +1 -1
|
@@ -0,0 +1,604 @@
|
|
|
1
|
+
# Codex Config Reference
|
|
2
|
+
|
|
3
|
+
This document reorganizes the official Codex configuration docs into a practical reference for day-to-day use.
|
|
4
|
+
|
|
5
|
+
It is not an official OpenAI document and it is not a line-by-line translation of the upstream pages.
|
|
6
|
+
|
|
7
|
+
Sources used for this summary:
|
|
8
|
+
|
|
9
|
+
- Advanced Configuration: https://developers.openai.com/codex/config-advanced
|
|
10
|
+
- Configuration Reference: https://developers.openai.com/codex/config-reference
|
|
11
|
+
|
|
12
|
+
Current against the official pages fetched on 2026-05-14.
|
|
13
|
+
|
|
14
|
+
## 1. What this reference covers
|
|
15
|
+
|
|
16
|
+
This guide focuses on three things:
|
|
17
|
+
|
|
18
|
+
- where Codex reads configuration from
|
|
19
|
+
- which configuration families matter most in practice
|
|
20
|
+
- how the most important `config.toml` and `requirements.toml` keys fit together
|
|
21
|
+
|
|
22
|
+
It intentionally summarizes and groups the official reference instead of reproducing every single key.
|
|
23
|
+
|
|
24
|
+
## 2. Config files and state locations
|
|
25
|
+
|
|
26
|
+
Codex stores local state under `CODEX_HOME`, which defaults to `~/.codex`.
|
|
27
|
+
|
|
28
|
+
Common files there include:
|
|
29
|
+
|
|
30
|
+
- `config.toml`: user-level local configuration
|
|
31
|
+
- `auth.json`: file-based credentials when applicable
|
|
32
|
+
- OS keychain/keyring: credential storage on supported systems
|
|
33
|
+
- `history.jsonl`: local session history when history persistence is enabled
|
|
34
|
+
- caches, logs, and other per-user state
|
|
35
|
+
|
|
36
|
+
The official docs also distinguish between:
|
|
37
|
+
|
|
38
|
+
- user config: `~/.codex/config.toml`
|
|
39
|
+
- project config: `<repo>/.codex/config.toml`
|
|
40
|
+
- admin-enforced requirements: `requirements.toml`
|
|
41
|
+
|
|
42
|
+
## 3. Configuration layers and precedence
|
|
43
|
+
|
|
44
|
+
Codex supports several ways to influence configuration.
|
|
45
|
+
|
|
46
|
+
### 3.1 User config
|
|
47
|
+
|
|
48
|
+
Your baseline settings usually live in:
|
|
49
|
+
|
|
50
|
+
```toml
|
|
51
|
+
~/.codex/config.toml
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
Use this for persistent defaults such as model choice, approval policy, sandbox mode, providers, notifications, and telemetry settings.
|
|
55
|
+
|
|
56
|
+
### 3.2 Project config
|
|
57
|
+
|
|
58
|
+
Codex can load repo-scoped overrides from:
|
|
59
|
+
|
|
60
|
+
```toml
|
|
61
|
+
<repo>/.codex/config.toml
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
Important behavior from the official docs:
|
|
65
|
+
|
|
66
|
+
- Codex walks from the project root to the current working directory.
|
|
67
|
+
- It loads every `.codex/config.toml` found along the way.
|
|
68
|
+
- If the same key is defined multiple times, the layer closest to the current working directory wins.
|
|
69
|
+
- Project-scoped config is loaded only for trusted projects.
|
|
70
|
+
- If a project is untrusted, Codex ignores project-local `.codex/` config, hooks, and rules.
|
|
71
|
+
- Relative paths inside a project config are resolved relative to the `.codex/` directory that contains that file.
|
|
72
|
+
|
|
73
|
+
Related keys:
|
|
74
|
+
|
|
75
|
+
- `project_root_markers`
|
|
76
|
+
- `projects.<path>.trust_level`
|
|
77
|
+
- `project_doc_max_bytes`
|
|
78
|
+
- `project_doc_fallback_filenames`
|
|
79
|
+
|
|
80
|
+
### 3.3 One-off CLI overrides
|
|
81
|
+
|
|
82
|
+
For a single run, you can override settings from the command line.
|
|
83
|
+
|
|
84
|
+
Preferred options:
|
|
85
|
+
|
|
86
|
+
- use dedicated flags when available, such as `--model`
|
|
87
|
+
- use `-c` or `--config` for arbitrary keys
|
|
88
|
+
|
|
89
|
+
Examples from the official docs:
|
|
90
|
+
|
|
91
|
+
```bash
|
|
92
|
+
codex --model gpt-5.4
|
|
93
|
+
codex --config model='"gpt-5.4"'
|
|
94
|
+
codex --config sandbox_workspace_write.network_access=true
|
|
95
|
+
codex --config 'shell_environment_policy.include_only=["PATH","HOME"]'
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
Important note:
|
|
99
|
+
|
|
100
|
+
- `--config` values are parsed as TOML, not JSON
|
|
101
|
+
- nested keys can use dot notation
|
|
102
|
+
- if a value cannot be parsed as TOML, Codex treats it as a string
|
|
103
|
+
|
|
104
|
+
### 3.4 Profiles
|
|
105
|
+
|
|
106
|
+
Profiles are named sets of config overrides stored in `config.toml`.
|
|
107
|
+
|
|
108
|
+
Official behavior:
|
|
109
|
+
|
|
110
|
+
- define them under `[profiles.<name>]`
|
|
111
|
+
- select one with `codex --profile <name>`
|
|
112
|
+
- set a default profile with top-level `profile = "<name>"`
|
|
113
|
+
- profiles are experimental
|
|
114
|
+
- profiles are not currently supported in the Codex IDE extension
|
|
115
|
+
- a selected profile can override `model_catalog_json`
|
|
116
|
+
|
|
117
|
+
Core keys:
|
|
118
|
+
|
|
119
|
+
- `profile`
|
|
120
|
+
- `profiles.<name>.*`
|
|
121
|
+
- `profiles.<name>.model_catalog_json`
|
|
122
|
+
- `profiles.<name>.model_instructions_file`
|
|
123
|
+
- `profiles.<name>.web_search`
|
|
124
|
+
- `profiles.<name>.windows.sandbox`
|
|
125
|
+
- profile-scoped versions of analytics, reasoning, personality, service tier, and OSS provider settings
|
|
126
|
+
|
|
127
|
+
Example:
|
|
128
|
+
|
|
129
|
+
```toml
|
|
130
|
+
model = "gpt-5.4"
|
|
131
|
+
approval_policy = "on-request"
|
|
132
|
+
profile = "deep-review"
|
|
133
|
+
|
|
134
|
+
[profiles.deep-review]
|
|
135
|
+
model = "gpt-5-pro"
|
|
136
|
+
model_reasoning_effort = "high"
|
|
137
|
+
approval_policy = "never"
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
## 4. `config.toml` by topic
|
|
141
|
+
|
|
142
|
+
### 4.1 Model, reasoning, and response style
|
|
143
|
+
|
|
144
|
+
These keys define what model Codex uses and how it behaves.
|
|
145
|
+
|
|
146
|
+
Common keys:
|
|
147
|
+
|
|
148
|
+
- `model`: active model id, for example `gpt-5.5`
|
|
149
|
+
- `model_reasoning_effort`: `minimal | low | medium | high | xhigh`
|
|
150
|
+
- `model_reasoning_summary`: `auto | concise | detailed | none`
|
|
151
|
+
- `model_verbosity`: `low | medium | high`
|
|
152
|
+
- `model_context_window`: context window size
|
|
153
|
+
- `model_auto_compact_token_limit`: threshold for automatic compaction
|
|
154
|
+
- `service_tier`: `flex | fast`
|
|
155
|
+
- `personality`: `none | friendly | pragmatic`
|
|
156
|
+
- `plan_mode_reasoning_effort`: Plan-mode reasoning override
|
|
157
|
+
|
|
158
|
+
Important notes from the official docs:
|
|
159
|
+
|
|
160
|
+
- `model_reasoning_effort` applies to supported models using the Responses API
|
|
161
|
+
- `model_verbosity` applies only to providers using the Responses API
|
|
162
|
+
- Chat Completions providers ignore `model_verbosity`
|
|
163
|
+
|
|
164
|
+
### 4.2 Web search
|
|
165
|
+
|
|
166
|
+
Codex exposes web search as a first-class setting.
|
|
167
|
+
|
|
168
|
+
Key:
|
|
169
|
+
|
|
170
|
+
- `web_search`: `disabled | cached | live`
|
|
171
|
+
|
|
172
|
+
Official behavior:
|
|
173
|
+
|
|
174
|
+
- default is `"cached"`
|
|
175
|
+
- cached mode uses an OpenAI-maintained index and does not fetch live pages
|
|
176
|
+
- if you use `--yolo` or another full access sandbox setup, the default becomes `"live"`
|
|
177
|
+
- use `"live"` for the most recent data
|
|
178
|
+
- use `"disabled"` to remove the tool
|
|
179
|
+
|
|
180
|
+
Legacy feature flags such as `features.web_search`, `features.web_search_cached`, and `features.web_search_request` still exist, but the official reference treats them as deprecated in favor of the top-level `web_search` key.
|
|
181
|
+
|
|
182
|
+
### 4.3 Providers and API routing
|
|
183
|
+
|
|
184
|
+
Codex separates the active provider id from the provider definitions.
|
|
185
|
+
|
|
186
|
+
Core keys:
|
|
187
|
+
|
|
188
|
+
- `model_provider`
|
|
189
|
+
- `model_providers.<id>`
|
|
190
|
+
- `model_providers.<id>.base_url`
|
|
191
|
+
- `model_providers.<id>.env_key`
|
|
192
|
+
- `model_providers.<id>.env_key_instructions`
|
|
193
|
+
- `model_providers.<id>.http_headers`
|
|
194
|
+
- `model_providers.<id>.env_http_headers`
|
|
195
|
+
- `model_providers.<id>.query_params`
|
|
196
|
+
- `model_providers.<id>.request_max_retries`
|
|
197
|
+
|
|
198
|
+
Authentication options for custom providers include:
|
|
199
|
+
|
|
200
|
+
- `env_key`
|
|
201
|
+
- `experimental_bearer_token`
|
|
202
|
+
- command-backed bearer token auth via `model_providers.<id>.auth.*`
|
|
203
|
+
|
|
204
|
+
The official docs explicitly recommend `env_key` over direct bearer tokens.
|
|
205
|
+
|
|
206
|
+
Built-in or reserved provider behavior:
|
|
207
|
+
|
|
208
|
+
- `openai`, `ollama`, and `lmstudio` are reserved ids
|
|
209
|
+
- they cannot be overridden by custom providers
|
|
210
|
+
- `amazon-bedrock` is available as a built-in provider with nested AWS settings
|
|
211
|
+
|
|
212
|
+
Related Bedrock keys:
|
|
213
|
+
|
|
214
|
+
- `model_providers.amazon-bedrock.aws.profile`
|
|
215
|
+
- `model_providers.amazon-bedrock.aws.region`
|
|
216
|
+
|
|
217
|
+
### 4.3.1 `openai_base_url` vs custom providers
|
|
218
|
+
|
|
219
|
+
If you only want to point the built-in OpenAI provider to a proxy, router, or residency-specific endpoint, use:
|
|
220
|
+
|
|
221
|
+
```toml
|
|
222
|
+
openai_base_url = "https://us.api.openai.com/v1"
|
|
223
|
+
```
|
|
224
|
+
|
|
225
|
+
Use a custom `model_providers.<id>` entry when you need a separate provider identity, different auth wiring, or custom headers/query params.
|
|
226
|
+
|
|
227
|
+
### 4.3.2 OSS mode
|
|
228
|
+
|
|
229
|
+
Codex can target local open-source backends when run with `--oss`.
|
|
230
|
+
|
|
231
|
+
Key:
|
|
232
|
+
|
|
233
|
+
- `oss_provider`: `lmstudio | ollama`
|
|
234
|
+
|
|
235
|
+
If `--oss` is passed without an explicit provider, Codex uses `oss_provider` as the default local provider.
|
|
236
|
+
|
|
237
|
+
### 4.4 Approval policy and sandboxing
|
|
238
|
+
|
|
239
|
+
These keys control how much Codex can do without pausing and how much local access subprocesses receive.
|
|
240
|
+
|
|
241
|
+
Main keys:
|
|
242
|
+
|
|
243
|
+
- `approval_policy`
|
|
244
|
+
- `approvals_reviewer`
|
|
245
|
+
- `sandbox_mode`
|
|
246
|
+
- `sandbox_workspace_write.network_access`
|
|
247
|
+
- `sandbox_workspace_write.writable_roots`
|
|
248
|
+
- `sandbox_workspace_write.exclude_slash_tmp`
|
|
249
|
+
- `sandbox_workspace_write.exclude_tmpdir_env_var`
|
|
250
|
+
- `windows.sandbox`
|
|
251
|
+
- `windows.sandbox_private_desktop`
|
|
252
|
+
|
|
253
|
+
Top-level `approval_policy` supports:
|
|
254
|
+
|
|
255
|
+
- `untrusted`
|
|
256
|
+
- `on-request`
|
|
257
|
+
- `never`
|
|
258
|
+
- granular mode:
|
|
259
|
+
|
|
260
|
+
```toml
|
|
261
|
+
approval_policy = { granular = {
|
|
262
|
+
sandbox_approval = true,
|
|
263
|
+
rules = true,
|
|
264
|
+
mcp_elicitations = false,
|
|
265
|
+
request_permissions = true,
|
|
266
|
+
skill_approval = true
|
|
267
|
+
} }
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
Granular subkeys include:
|
|
271
|
+
|
|
272
|
+
- `approval_policy.granular.sandbox_approval`
|
|
273
|
+
- `approval_policy.granular.rules`
|
|
274
|
+
- `approval_policy.granular.mcp_elicitations`
|
|
275
|
+
- `approval_policy.granular.request_permissions`
|
|
276
|
+
- `approval_policy.granular.skill_approval`
|
|
277
|
+
|
|
278
|
+
Sandbox mode values:
|
|
279
|
+
|
|
280
|
+
- `read-only`
|
|
281
|
+
- `workspace-write`
|
|
282
|
+
- `danger-full-access`
|
|
283
|
+
|
|
284
|
+
This is the main policy combination most teams tune first:
|
|
285
|
+
|
|
286
|
+
- approval strictness determines when Codex pauses
|
|
287
|
+
- sandbox mode determines file and network boundaries
|
|
288
|
+
|
|
289
|
+
### 4.5 Named permission profiles
|
|
290
|
+
|
|
291
|
+
Codex also supports reusable permission profiles through:
|
|
292
|
+
|
|
293
|
+
- `default_permissions`
|
|
294
|
+
- `[permissions.<name>]`
|
|
295
|
+
|
|
296
|
+
Built-in profile names:
|
|
297
|
+
|
|
298
|
+
- `:read-only`
|
|
299
|
+
- `:workspace`
|
|
300
|
+
- `:danger-no-sandbox`
|
|
301
|
+
|
|
302
|
+
Custom profiles can define filesystem and network policy, including:
|
|
303
|
+
|
|
304
|
+
- `permissions.<name>.filesystem`
|
|
305
|
+
- `permissions.<name>.network.enabled`
|
|
306
|
+
- `permissions.<name>.network.mode`
|
|
307
|
+
- `permissions.<name>.network.domains`
|
|
308
|
+
- `permissions.<name>.network.proxy_url`
|
|
309
|
+
- `permissions.<name>.network.socks_url`
|
|
310
|
+
- `permissions.<name>.network.unix_sockets`
|
|
311
|
+
|
|
312
|
+
Use this when sandbox defaults are not enough and you need a reusable local policy shape.
|
|
313
|
+
|
|
314
|
+
### 4.6 Shell environment policy
|
|
315
|
+
|
|
316
|
+
Codex lets you control which environment variables are passed to subprocesses.
|
|
317
|
+
|
|
318
|
+
Main table:
|
|
319
|
+
|
|
320
|
+
```toml
|
|
321
|
+
[shell_environment_policy]
|
|
322
|
+
inherit = "none"
|
|
323
|
+
set = { PATH = "/usr/bin", MY_FLAG = "1" }
|
|
324
|
+
ignore_default_excludes = false
|
|
325
|
+
exclude = ["AWS_*", "AZURE_*"]
|
|
326
|
+
include_only = ["PATH", "HOME"]
|
|
327
|
+
```
|
|
328
|
+
|
|
329
|
+
Important keys:
|
|
330
|
+
|
|
331
|
+
- `shell_environment_policy.inherit`: `all | core | none`
|
|
332
|
+
- `shell_environment_policy.set`
|
|
333
|
+
- `shell_environment_policy.exclude`
|
|
334
|
+
- `shell_environment_policy.include_only`
|
|
335
|
+
- `shell_environment_policy.ignore_default_excludes`
|
|
336
|
+
- `shell_environment_policy.experimental_use_profile`
|
|
337
|
+
|
|
338
|
+
Official behavior:
|
|
339
|
+
|
|
340
|
+
- filters are case-insensitive glob patterns
|
|
341
|
+
- when `ignore_default_excludes = false`, Codex keeps the automatic `KEY` / `SECRET` / `TOKEN` filtering before your rules run
|
|
342
|
+
|
|
343
|
+
This is the main tool for preventing secret leakage to subprocesses while still supplying required paths or flags.
|
|
344
|
+
|
|
345
|
+
### 4.7 Instructions, AGENTS.md, and project guidance
|
|
346
|
+
|
|
347
|
+
Codex supports both built-in instruction replacement and project document discovery.
|
|
348
|
+
|
|
349
|
+
Relevant keys:
|
|
350
|
+
|
|
351
|
+
- `model_instructions_file`
|
|
352
|
+
- `project_doc_max_bytes`
|
|
353
|
+
- `project_doc_fallback_filenames`
|
|
354
|
+
|
|
355
|
+
Official behavior:
|
|
356
|
+
|
|
357
|
+
- `model_instructions_file` replaces built-in instructions instead of relying on `AGENTS.md`
|
|
358
|
+
- Codex reads `AGENTS.md` and related files and includes a limited amount of project guidance in the first turn
|
|
359
|
+
- `project_doc_max_bytes` limits how much is read from each `AGENTS.md`
|
|
360
|
+
- `project_doc_fallback_filenames` adds alternate filenames when `AGENTS.md` is missing
|
|
361
|
+
|
|
362
|
+
### 4.8 Hooks, agents, and feature flags
|
|
363
|
+
|
|
364
|
+
Codex has a large feature surface, but a few keys matter most for local config.
|
|
365
|
+
|
|
366
|
+
Useful feature keys:
|
|
367
|
+
|
|
368
|
+
- `features.codex_hooks`
|
|
369
|
+
- `features.codex_git_commit`
|
|
370
|
+
- `features.apps`
|
|
371
|
+
- `features.memories`
|
|
372
|
+
- `features.multi_agent`
|
|
373
|
+
- `features.personality`
|
|
374
|
+
- `features.shell_tool`
|
|
375
|
+
- `features.shell_snapshot`
|
|
376
|
+
- `features.fast_mode`
|
|
377
|
+
|
|
378
|
+
The advanced config guide calls out hooks as experimental.
|
|
379
|
+
|
|
380
|
+
Hook-related locations:
|
|
381
|
+
|
|
382
|
+
- `~/.codex/hooks.json`
|
|
383
|
+
- `~/.codex/config.toml`
|
|
384
|
+
- `<repo>/.codex/hooks.json`
|
|
385
|
+
- `<repo>/.codex/config.toml`
|
|
386
|
+
|
|
387
|
+
Project-local hooks follow the same trust behavior as project-local config.
|
|
388
|
+
|
|
389
|
+
### 4.9 Notifications and TUI options
|
|
390
|
+
|
|
391
|
+
Codex supports both external notifications and TUI-native notifications.
|
|
392
|
+
|
|
393
|
+
External notification key:
|
|
394
|
+
|
|
395
|
+
- `notify`: command array that receives a JSON payload
|
|
396
|
+
|
|
397
|
+
TUI notification keys:
|
|
398
|
+
|
|
399
|
+
- `tui.notifications`
|
|
400
|
+
- `tui.notification_method`: `auto | osc9 | bel`
|
|
401
|
+
- `tui.notification_condition`: `unfocused | always`
|
|
402
|
+
|
|
403
|
+
Other common TUI keys:
|
|
404
|
+
|
|
405
|
+
- `tui.animations`
|
|
406
|
+
- `tui.alternate_screen`
|
|
407
|
+
- `tui.status_line`
|
|
408
|
+
- `tui.terminal_title`
|
|
409
|
+
- `tui.theme`
|
|
410
|
+
- `tui.show_tooltips`
|
|
411
|
+
|
|
412
|
+
The advanced config guide distinguishes:
|
|
413
|
+
|
|
414
|
+
- `notify`: use this for webhooks, desktop notifiers, CI hooks, or any external side-channel
|
|
415
|
+
- `tui.notifications`: built-in terminal notifications for the interactive UI
|
|
416
|
+
|
|
417
|
+
### 4.10 History, citations, and local UX
|
|
418
|
+
|
|
419
|
+
History keys:
|
|
420
|
+
|
|
421
|
+
- `history.persistence`: `save-all | none`
|
|
422
|
+
- `history.max_bytes`
|
|
423
|
+
|
|
424
|
+
Official behavior:
|
|
425
|
+
|
|
426
|
+
- local history is stored under `CODEX_HOME`
|
|
427
|
+
- setting `history.persistence = "none"` disables local history persistence
|
|
428
|
+
- if `history.max_bytes` is exceeded, Codex compacts the file by dropping the oldest entries
|
|
429
|
+
|
|
430
|
+
Citation/terminal integration key:
|
|
431
|
+
|
|
432
|
+
- `file_opener`: `vscode | vscode-insiders | windsurf | cursor | none`
|
|
433
|
+
|
|
434
|
+
This controls how file citations are rewritten into clickable editor links in supporting terminals or editor integrations.
|
|
435
|
+
|
|
436
|
+
### 4.11 Telemetry and analytics
|
|
437
|
+
|
|
438
|
+
Codex distinguishes between lightweight analytics and full OpenTelemetry export.
|
|
439
|
+
|
|
440
|
+
Analytics key:
|
|
441
|
+
|
|
442
|
+
- `analytics.enabled`
|
|
443
|
+
|
|
444
|
+
OpenTelemetry keys:
|
|
445
|
+
|
|
446
|
+
- `otel.environment`
|
|
447
|
+
- `otel.exporter`
|
|
448
|
+
- `otel.exporter.<id>.endpoint`
|
|
449
|
+
- `otel.exporter.<id>.headers`
|
|
450
|
+
- `otel.exporter.<id>.protocol`
|
|
451
|
+
- `otel.exporter.<id>.tls.*`
|
|
452
|
+
- `otel.log_user_prompt`
|
|
453
|
+
- `otel.metrics_exporter`
|
|
454
|
+
- `otel.trace_exporter`
|
|
455
|
+
- `otel.trace_exporter.<id>.*`
|
|
456
|
+
|
|
457
|
+
Important official behavior:
|
|
458
|
+
|
|
459
|
+
- `otel.exporter = "none"` means Codex records events but sends nothing
|
|
460
|
+
- exporters batch asynchronously and flush on shutdown
|
|
461
|
+
- event metadata includes model, sandbox settings, approval settings, CLI version, conversation id, and related fields
|
|
462
|
+
- `otel.log_user_prompt` is opt-in for exporting raw user prompts
|
|
463
|
+
|
|
464
|
+
Use `analytics.enabled` when you only need a high-level machine/profile switch.
|
|
465
|
+
|
|
466
|
+
Use `otel.*` when you need structured logs, traces, or metrics in your observability stack.
|
|
467
|
+
|
|
468
|
+
## 5. `requirements.toml`
|
|
469
|
+
|
|
470
|
+
`requirements.toml` is an admin-enforced configuration layer for security-sensitive settings that users cannot override.
|
|
471
|
+
|
|
472
|
+
The official reference describes it as a constraint system rather than a convenience layer.
|
|
473
|
+
|
|
474
|
+
High-level purpose:
|
|
475
|
+
|
|
476
|
+
- restrict which approval policies are allowed
|
|
477
|
+
- restrict which sandbox modes are allowed
|
|
478
|
+
- restrict which web search modes are allowed
|
|
479
|
+
- pin or disable selected features
|
|
480
|
+
|
|
481
|
+
Key families called out in the official reference:
|
|
482
|
+
|
|
483
|
+
- `allowed_approval_policies`
|
|
484
|
+
- `allowed_approvals_reviewers`
|
|
485
|
+
- `allowed_sandbox_modes`
|
|
486
|
+
- `allowed_web_search_modes`
|
|
487
|
+
- `[features]`
|
|
488
|
+
- `features.<name>`
|
|
489
|
+
|
|
490
|
+
Examples of feature constraints explicitly called out:
|
|
491
|
+
|
|
492
|
+
- `features.browser_use = false`
|
|
493
|
+
- `features.computer_use = false`
|
|
494
|
+
- `features.in_app_browser = false`
|
|
495
|
+
|
|
496
|
+
The official docs also note that:
|
|
497
|
+
|
|
498
|
+
- omitted feature keys remain unconstrained
|
|
499
|
+
- `disabled` is always allowed for `web_search`
|
|
500
|
+
- an empty `allowed_web_search_modes` list effectively allows only `disabled`
|
|
501
|
+
|
|
502
|
+
For enterprise setups, the reference also points to managed or cloud-fetched requirements and to admin/security documentation for precedence details.
|
|
503
|
+
|
|
504
|
+
## 6. Practical examples
|
|
505
|
+
|
|
506
|
+
### 6.1 Conservative daily default
|
|
507
|
+
|
|
508
|
+
```toml
|
|
509
|
+
model = "gpt-5.5"
|
|
510
|
+
approval_policy = "on-request"
|
|
511
|
+
sandbox_mode = "workspace-write"
|
|
512
|
+
web_search = "cached"
|
|
513
|
+
profile = "daily"
|
|
514
|
+
|
|
515
|
+
[profiles.daily]
|
|
516
|
+
model_reasoning_effort = "medium"
|
|
517
|
+
service_tier = "flex"
|
|
518
|
+
```
|
|
519
|
+
|
|
520
|
+
### 6.2 OpenAI through a proxy
|
|
521
|
+
|
|
522
|
+
```toml
|
|
523
|
+
model = "gpt-5.5"
|
|
524
|
+
openai_base_url = "https://us.api.openai.com/v1"
|
|
525
|
+
```
|
|
526
|
+
|
|
527
|
+
Use this when you still want the built-in `openai` provider behavior and only need a different base URL.
|
|
528
|
+
|
|
529
|
+
### 6.3 Custom provider with env-based auth
|
|
530
|
+
|
|
531
|
+
```toml
|
|
532
|
+
model = "gpt-5.4"
|
|
533
|
+
model_provider = "proxy"
|
|
534
|
+
|
|
535
|
+
[model_providers.proxy]
|
|
536
|
+
name = "OpenAI via team gateway"
|
|
537
|
+
base_url = "https://proxy.example.com/v1"
|
|
538
|
+
env_key = "OPENAI_API_KEY"
|
|
539
|
+
http_headers = { "X-Team" = "platform" }
|
|
540
|
+
```
|
|
541
|
+
|
|
542
|
+
### 6.4 Locked-down shell environment
|
|
543
|
+
|
|
544
|
+
```toml
|
|
545
|
+
[shell_environment_policy]
|
|
546
|
+
inherit = "none"
|
|
547
|
+
include_only = ["PATH", "HOME"]
|
|
548
|
+
exclude = ["AWS_*", "AZURE_*"]
|
|
549
|
+
ignore_default_excludes = false
|
|
550
|
+
```
|
|
551
|
+
|
|
552
|
+
### 6.5 Disable local history
|
|
553
|
+
|
|
554
|
+
```toml
|
|
555
|
+
[history]
|
|
556
|
+
persistence = "none"
|
|
557
|
+
```
|
|
558
|
+
|
|
559
|
+
### 6.6 Basic OTEL logging
|
|
560
|
+
|
|
561
|
+
```toml
|
|
562
|
+
[otel]
|
|
563
|
+
environment = "prod"
|
|
564
|
+
exporter = { otlp-http = {
|
|
565
|
+
endpoint = "https://otel.example.com/v1/logs",
|
|
566
|
+
protocol = "binary"
|
|
567
|
+
}}
|
|
568
|
+
log_user_prompt = false
|
|
569
|
+
```
|
|
570
|
+
|
|
571
|
+
### 6.7 Admin-enforced requirements
|
|
572
|
+
|
|
573
|
+
```toml
|
|
574
|
+
allowed_approval_policies = ["on-request", "never"]
|
|
575
|
+
allowed_sandbox_modes = ["read-only", "workspace-write"]
|
|
576
|
+
allowed_web_search_modes = ["cached"]
|
|
577
|
+
|
|
578
|
+
[features]
|
|
579
|
+
browser_use = false
|
|
580
|
+
computer_use = false
|
|
581
|
+
```
|
|
582
|
+
|
|
583
|
+
## 7. Recommended reading strategy
|
|
584
|
+
|
|
585
|
+
Use this document for:
|
|
586
|
+
|
|
587
|
+
- understanding how the config system is organized
|
|
588
|
+
- choosing the right config layer
|
|
589
|
+
- finding the right key family quickly
|
|
590
|
+
|
|
591
|
+
Go back to the official reference when you need:
|
|
592
|
+
|
|
593
|
+
- every single supported key
|
|
594
|
+
- full type information for a rare key
|
|
595
|
+
- exact nested schema for provider auth, permissions, hooks, or OTEL exporters
|
|
596
|
+
- the latest values added after 2026-05-14
|
|
597
|
+
|
|
598
|
+
## 8. Notable update notes from the official pages
|
|
599
|
+
|
|
600
|
+
- `experimental_instructions_file` has been renamed to `model_instructions_file`
|
|
601
|
+
- `approval_policy = "on-failure"` is deprecated
|
|
602
|
+
- legacy `features.web_search*` toggles are deprecated in favor of top-level `web_search`
|
|
603
|
+
- profiles are still experimental
|
|
604
|
+
- profiles are not currently supported in the Codex IDE extension
|