구성 참조
출처 URL: https://developers.openai.com/codex/config-reference
구성 참조
섹션 제목: “구성 참조”이 페이지는 Codex 구성 파일을 위한 검색 가능한 참조입니다. 개념적 안내와 예제를 보려면 Config basics와 Advanced Config부터 시작하세요.
config.toml
섹션 제목: “config.toml”사용자 수준 구성은 ~/.codex/config.toml에 저장됩니다. 프로젝트 범위의 오버라이드는 .codex/config.toml 파일에서 추가할 수 있습니다. Codex는 해당 프로젝트를 신뢰하는 경우에만 프로젝트 범위 구성 파일을 로드합니다.
샌드박스 및 승인 키(approval_policy, sandbox_mode, sandbox_workspace_write.*)에 대해서는 Sandbox and approvals, Protected paths in writable roots, Network access 문서를 함께 참고하세요.
<ConfigTable options={[ { key: "model", type: "string", description: "Model to use (e.g., `gpt-5-codex`).", }, { key: "review_model", type: "string", description: "Optional model override used by `/review` (defaults to the current session model).", }, { key: "model_provider", type: "string", description: "Provider id from `model_providers` (default: `openai`).", }, { key: "model_context_window", type: "number", description: "Context window tokens available to the active model.", }, { key: "model_auto_compact_token_limit", type: "number", description: "Token threshold that triggers automatic history compaction (unset uses model defaults).", }, { key: "oss_provider", type: "lmstudio | ollama", description: "Default local provider used when running with `--oss` (defaults to prompting if unset).", }, { key: "approval_policy", type: "untrusted | on-request | never", description: "Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.", }, { key: "sandbox_mode", type: "read-only | workspace-write | danger-full-access", description: "Sandbox policy for filesystem and network access during command execution.", }, { key: "sandbox_workspace_write.writable_roots", type: "array<string>", description: 'Additional writable roots when `sandbox_mode = "workspace-write"`.', }, { key: "sandbox_workspace_write.network_access", type: "boolean", description: "Allow outbound network access inside the workspace-write sandbox.", }, { key: "sandbox_workspace_write.exclude_tmpdir_env_var", type: "boolean", description: "Exclude `$TMPDIR` from writable roots in workspace-write mode.", }, { key: "sandbox_workspace_write.exclude_slash_tmp", type: "boolean", description: "Exclude `/tmp` from writable roots in workspace-write mode.", }, { key: "notify", type: "array<string>", description: "Command invoked for notifications; receives a JSON payload from Codex.", }, { key: "check_for_update_on_startup", type: "boolean", description: "Check for Codex updates on startup (set to false only when updates are centrally managed).", }, { key: "feedback.enabled", type: "boolean", description: "Enable feedback submission via `/feedback` across Codex surfaces (default: true).", }, { key: "instructions", type: "string", description: "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.", }, { key: "developer_instructions", type: "string", description: "Additional developer instructions injected into the session (optional).", }, { key: "log_dir", type: "string (path)", description: "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.", }, { key: "compact_prompt", type: "string", description: "Inline override for the history compaction prompt.", }, { key: "model_instructions_file", type: "string (path)", description: "Replacement for built-in instructions instead of `AGENTS.md`.", }, { key: "personality", type: "none | friendly | pragmatic", description: "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.", }, { key: "experimental_compact_prompt_file", type: "string (path)", description: "Load the compaction prompt override from a file (experimental).", }, { key: "skills.config", type: "array<object>", description: "Per-skill enablement overrides stored in config.toml.", }, { key: "skills.config.<index>.path", type: "string (path)", description: "Path to a skill folder containing `SKILL.md`.", }, { key: "skills.config.<index>.enabled", type: "boolean", description: "Enable or disable the referenced skill.", }, { key: "apps.<id>.enabled", type: "boolean", description: "Enable or disable a specific app/connector by id (default: true).", }, { key: "apps.<id>.disabled_reason", type: "unknown | user", description: "Optional reason attached when an app/connector is disabled.", }, { key: "features.apps", type: "boolean", description: "Enable ChatGPT Apps/connectors support (experimental).", }, { key: "features.apps_mcp_gateway", type: "boolean", description: "Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).", }, { key: "mcp_servers.<id>.command", type: "string", description: "Launcher command for an MCP stdio server.", }, { key: "mcp_servers.<id>.args", type: "array<string>", description: "Arguments passed to the MCP stdio server command.", }, { key: "mcp_servers.<id>.env", type: "map<string,string>", description: "Environment variables forwarded to the MCP stdio server.", }, { key: "mcp_servers.<id>.env_vars", type: "array<string>", description: "Additional environment variables to whitelist for an MCP stdio server.", }, { key: "mcp_servers.<id>.cwd", type: "string", description: "Working directory for the MCP stdio server process.", }, { key: "mcp_servers.<id>.url", type: "string", description: "Endpoint for an MCP streamable HTTP server.", }, { key: "mcp_servers.<id>.bearer_token_env_var", type: "string", description: "Environment variable sourcing the bearer token for an MCP HTTP server.", }, { key: "mcp_servers.<id>.http_headers", type: "map<string,string>", description: "Static HTTP headers included with each MCP HTTP request.", }, { key: "mcp_servers.<id>.env_http_headers", type: "map<string,string>", description: "HTTP headers populated from environment variables for an MCP HTTP server.", }, { key: "mcp_servers.<id>.enabled", type: "boolean", description: "Disable an MCP server without removing its configuration.", }, { key: "mcp_servers.<id>.required", type: "boolean", description: "When true, fail startup/resume if this enabled MCP server cannot initialize.", }, { key: "mcp_servers.<id>.startup_timeout_sec", type: "number", description: "Override the default 10s startup timeout for an MCP server.", }, { key: "mcp_servers.<id>.startup_timeout_ms", type: "number", description: "Alias for `startup_timeout_sec` in milliseconds.", }, { key: "mcp_servers.<id>.tool_timeout_sec", type: "number", description: "Override the default 60s per-tool timeout for an MCP server.", }, { key: "mcp_servers.<id>.enabled_tools", type: "array<string>", description: "Allow list of tool names exposed by the MCP server.", }, { key: "mcp_servers.<id>.disabled_tools", type: "array<string>", description: "Deny list applied after `enabled_tools` for the MCP server.", }, { key: "agents.max_threads", type: "number", description: "Maximum number of agent threads that can be open concurrently.", }, { key: "agents.<name>.description", type: "string", description: "Role guidance shown to Codex when choosing and spawning that agent type.", }, { key: "agents.<name>.config_file", type: "string (path)", description: "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.", }, { key: "features.unified_exec", type: "boolean", description: "Use the unified PTY-backed exec tool (beta).", }, { key: "features.shell_snapshot", type: "boolean", description: "Snapshot shell environment to speed up repeated commands (beta).", }, { key: "features.apply_patch_freeform", type: "boolean", description: "Expose the freeform `apply_patch` tool (experimental).", }, { key: "features.multi_agent", type: "boolean", description: "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, and `close_agent`) (experimental; off by default).", }, { key: "features.personality", type: "boolean", description: "Enable personality selection controls (stable; on by default).", }, { key: "features.web_search", type: "boolean", description: "Deprecated legacy toggle; prefer the top-level `web_search` setting.", }, { key: "features.web_search_cached", type: "boolean", description: 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.', }, { key: "features.web_search_request", type: "boolean", description: 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.', }, { key: "features.shell_tool", type: "boolean", description: "Enable the default `shell` tool for running commands (stable; on by default).", }, { key: "features.request_rule", type: "boolean", description: "Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).", }, { key: "features.search_tool", type: "boolean", description: "Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).", }, { key: "features.collaboration_modes", type: "boolean", description: "Enable collaboration modes such as plan mode (stable; on by default).", }, { key: "features.use_linux_sandbox_bwrap", type: "boolean", description: "Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).", }, { key: "features.experimental_windows_sandbox", type: "boolean", description: "Run the Windows restricted-token sandbox (experimental).", }, { key: "features.elevated_windows_sandbox", type: "boolean", description: "Enable the elevated Windows sandbox pipeline (experimental).", }, { key: "features.remote_models", type: "boolean", description: "Refresh remote model list before showing readiness (experimental).", }, { key: "features.runtime_metrics", type: "boolean", description: "Show runtime metrics summary in TUI turn separators (experimental).", }, { key: "features.powershell_utf8", type: "boolean", description: "Force PowerShell UTF-8 output (defaults to true).", }, { key: "features.child_agents_md", type: "boolean", description: "Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).", }, { key: "suppress_unstable_features_warning", type: "boolean", description: "Suppress the warning that appears when under-development feature flags are enabled.", }, { key: "model_providers.<id>.name", type: "string", description: "Display name for a custom model provider.", }, { key: "model_providers.<id>.base_url", type: "string", description: "API base URL for the model provider.", }, { key: "model_providers.<id>.env_key", type: "string", description: "Environment variable supplying the provider API key.", }, { key: "model_providers.<id>.env_key_instructions", type: "string", description: "Optional setup guidance for the provider API key.", }, { key: "model_providers.<id>.experimental_bearer_token", type: "string", description: "Direct bearer token for the provider (discouraged; use `env_key`).", }, { key: "model_providers.<id>.requires_openai_auth", type: "boolean", description: "The provider uses OpenAI authentication (defaults to false).", }, { key: "model_providers.<id>.wire_api", type: "chat | responses", description: "Protocol used by the provider (defaults to `chat` if omitted).", }, { key: "model_providers.<id>.query_params", type: "map<string,string>", description: "Extra query parameters appended to provider requests.", }, { key: "model_providers.<id>.http_headers", type: "map<string,string>", description: "Static HTTP headers added to provider requests.", }, { key: "model_providers.<id>.env_http_headers", type: "map<string,string>", description: "HTTP headers populated from environment variables when present.", }, { key: "model_providers.<id>.request_max_retries", type: "number", description: "Retry count for HTTP requests to the provider (default: 4).", }, { key: "model_providers.<id>.stream_max_retries", type: "number", description: "Retry count for SSE streaming interruptions (default: 5).", }, { key: "model_providers.<id>.stream_idle_timeout_ms", type: "number", description: "Idle timeout for SSE streams in milliseconds (default: 300000).", }, { key: "model_reasoning_effort", type: "minimal | low | medium | high | xhigh", description: "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).", }, { key: "model_reasoning_summary", type: "auto | concise | detailed | none", description: "Select reasoning summary detail or disable summaries entirely.", }, { key: "model_verbosity", type: "low | medium | high", description: "Control GPT-5 Responses API verbosity (defaults to `medium`).", }, { key: "model_supports_reasoning_summaries", type: "boolean", description: "Force Codex to send or not send reasoning metadata.", }, { key: "shell_environment_policy.inherit", type: "all | core | none", description: "Baseline environment inheritance when spawning subprocesses.", }, { key: "shell_environment_policy.ignore_default_excludes", type: "boolean", description: "Keep variables containing KEY/SECRET/TOKEN before other filters run.", }, { key: "shell_environment_policy.exclude", type: "array<string>", description: "Glob patterns for removing environment variables after the defaults.", }, { key: "shell_environment_policy.include_only", type: "array<string>", description: "Whitelist of patterns; when set only matching variables are kept.", }, { key: "shell_environment_policy.set", type: "map<string,string>", description: "Explicit environment overrides injected into every subprocess.", }, { key: "shell_environment_policy.experimental_use_profile", type: "boolean", description: "Use the user shell profile when spawning subprocesses.", }, { key: "project_root_markers", type: "array<string>", description: "List of project root marker filenames; used when searching parent directories for the project root.", }, { key: "project_doc_max_bytes", type: "number", description: "Maximum bytes read from `AGENTS.md` when building project instructions.", }, { key: "project_doc_fallback_filenames", type: "array<string>", description: "Additional filenames to try when `AGENTS.md` is missing.", }, { key: "profile", type: "string", description: "Default profile applied at startup (equivalent to `--profile`).", }, { key: "profiles.<name>.*", type: "various", description: "Profile-scoped overrides for any of the supported configuration keys.", }, { key: "profiles.<name>.include_apply_patch_tool", type: "boolean", description: "Legacy name for enabling freeform apply_patch; prefer `[features].apply_patch_freeform`.", }, { key: "profiles.<name>.web_search", type: "disabled | cached | live", description: 'Profile-scoped web search mode override (default: `"cached"`).', }, { key: "profiles.<name>.personality", type: "none | friendly | pragmatic", description: "Profile-scoped communication style override for supported models.", }, { key: "profiles.<name>.experimental_use_unified_exec_tool", type: "boolean", description: "Legacy name for enabling unified exec; prefer `[features].unified_exec`.", }, { key: "profiles.<name>.experimental_use_freeform_apply_patch", type: "boolean", description: "Legacy name for enabling freeform apply_patch; prefer `[features].apply_patch_freeform`.", }, { key: "profiles.<name>.oss_provider", type: "lmstudio | ollama", description: "Profile-scoped OSS provider for `--oss` sessions.", }, { key: "history.persistence", type: "save-all | none", description: "Control whether Codex saves session transcripts to history.jsonl.", }, { key: "tool_output_token_limit", type: "number", description: "Token budget for storing individual tool/function outputs in history.", }, { key: "history.max_bytes", type: "number", description: "If set, caps the history file size in bytes by dropping oldest entries.", }, { key: "file_opener", type: "vscode | vscode-insiders | windsurf | cursor | none", description: "URI scheme used to open citations from Codex output (default: `vscode`).", }, { key: "otel.environment", type: "string", description: "Environment tag applied to emitted OpenTelemetry events (default: `dev`).", }, { key: "otel.exporter", type: "none | otlp-http | otlp-grpc", description: "Select the OpenTelemetry exporter and provide any endpoint metadata.", }, { key: "otel.trace_exporter", type: "none | otlp-http | otlp-grpc", description: "Select the OpenTelemetry trace exporter and provide any endpoint metadata.", }, { key: "otel.log_user_prompt", type: "boolean", description: "Opt in to exporting raw user prompts with OpenTelemetry logs.", }, { key: "otel.exporter.<id>.endpoint", type: "string", description: "Exporter endpoint for OTEL logs.", }, { key: "otel.exporter.<id>.protocol", type: "binary | json", description: "Protocol used by the OTLP/HTTP exporter.", }, { key: "otel.exporter.<id>.headers", type: "map<string,string>", description: "Static headers included with OTEL exporter requests.", }, { key: "otel.trace_exporter.<id>.endpoint", type: "string", description: "Trace exporter endpoint for OTEL logs.", }, { key: "otel.trace_exporter.<id>.protocol", type: "binary | json", description: "Protocol used by the OTLP/HTTP trace exporter.", }, { key: "otel.trace_exporter.<id>.headers", type: "map<string,string>", description: "Static headers included with OTEL trace exporter requests.", }, { key: "otel.exporter.<id>.tls.ca-certificate", type: "string", description: "CA certificate path for OTEL exporter TLS.", }, { key: "otel.exporter.<id>.tls.client-certificate", type: "string", description: "Client certificate path for OTEL exporter TLS.", }, { key: "otel.exporter.<id>.tls.client-private-key", type: "string", description: "Client private key path for OTEL exporter TLS.", }, { key: "otel.trace_exporter.<id>.tls.ca-certificate", type: "string", description: "CA certificate path for OTEL trace exporter TLS.", }, { key: "otel.trace_exporter.<id>.tls.client-certificate", type: "string", description: "Client certificate path for OTEL trace exporter TLS.", }, { key: "otel.trace_exporter.<id>.tls.client-private-key", type: "string", description: "Client private key path for OTEL trace exporter TLS.", }, { key: "tui", type: "table", description: "TUI-specific options such as enabling inline desktop notifications.", }, { key: "tui.notifications", type: "boolean | array<string>", description: "Enable TUI notifications; optionally restrict to specific event types.", }, { key: "tui.notification_method", type: "auto | osc9 | bel", description: "Notification method for unfocused terminal notifications (default: auto).", }, { key: "tui.animations", type: "boolean", description: "Enable terminal animations (welcome screen, shimmer, spinner) (default: true).", }, { key: "tui.alternate_screen", type: "auto | always | never", description: "Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).", }, { key: "tui.show_tooltips", type: "boolean", description: "Show onboarding tooltips in the TUI welcome screen (default: true).", }, { key: "tui.status_line", type: "array<string> | null", description: "Ordered list of TUI footer status-line item identifiers. `null` disables the status line.", }, { key: "hide_agent_reasoning", type: "boolean", description: "Suppress reasoning events in both the TUI and `codex exec` output.", }, { key: "show_raw_agent_reasoning", type: "boolean", description: "Surface raw reasoning content when the active model emits it.", }, { key: "disable_paste_burst", type: "boolean", description: "Disable burst-paste detection in the TUI.", }, { key: "windows_wsl_setup_acknowledged", type: "boolean", description: "Track Windows onboarding acknowledgement (Windows only).", }, { key: "chatgpt_base_url", type: "string", description: "Override the base URL used during the ChatGPT login flow.", }, { key: "cli_auth_credentials_store", type: "file | keyring | auto", description: "Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).", }, { key: "mcp_oauth_credentials_store", type: "auto | file | keyring", description: "Preferred store for MCP OAuth credentials.", }, { key: "mcp_oauth_callback_port", type: "integer", description: "Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.", }, { key: "experimental_use_unified_exec_tool", type: "boolean", description: "Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.", }, { key: "experimental_use_freeform_apply_patch", type: "boolean", description: "Legacy name for enabling freeform apply_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.", }, { key: "include_apply_patch_tool", type: "boolean", description: "Legacy name for enabling freeform apply_patch; prefer `[features].apply_patch_freeform`.", }, { key: "tools.web_search", type: "boolean", description: "Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.", }, { key: "web_search", type: "disabled | cached | live", description: 'Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.', }, { key: "projects.<path>.trust_level", type: "string", description: 'Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.', }, { key: "notice.hide_full_access_warning", type: "boolean", description: "Track acknowledgement of the full access warning prompt.", }, { key: "notice.hide_world_writable_warning", type: "boolean", description: "Track acknowledgement of the Windows world-writable directories warning.", }, { key: "notice.hide_rate_limit_model_nudge", type: "boolean", description: "Track opt-out of the rate limit model switch reminder.", }, { key: "notice.hide_gpt5_1_migration_prompt", type: "boolean", description: "Track acknowledgement of the GPT-5.1 migration prompt.", }, { key: "notice.hide_gpt-5.1-codex-max_migration_prompt", type: "boolean", description: "Track acknowledgement of the gpt-5.1-codex-max migration prompt.", }, { key: "notice.model_migrations", type: "map<string,string>", description: "Track acknowledged model migrations as old->new mappings.", }, { key: "forced_login_method", type: "chatgpt | api", description: "Restrict Codex to a specific authentication method.", }, { key: "forced_chatgpt_workspace_id", type: "string (uuid)", description: "Limit ChatGPT logins to a specific workspace identifier.", }, ]} client:load/>config.toml의 최신 JSON 스키마는 여기에서 확인할 수 있습니다.
VS Code나 Cursor에서 config.toml을 편집할 때 자동 완성과 진단을 받으려면 Even Better TOML 확장 기능을 설치하고, config.toml 상단에 다음 줄을 추가하세요:
#:schema https://developers.openai.com/codex/config-schema.json참고: experimental_instructions_file의 이름을 model_instructions_file로 바꾸세요. Codex가 이전 키를 더 이상 사용하지 않으므로 기존 구성도 새 이름으로 업데이트해야 합니다.
requirements.toml
섹션 제목: “requirements.toml”requirements.toml은 사용자가 재정의할 수 없는 보안 민감 설정을 제한하는 관리자 적용형 구성 파일입니다. 자세한 정보, 위치, 예시는 관리자 적용 요구사항을 참고하세요.
ChatGPT Business 및 Enterprise 사용자의 경우 Codex가 클라우드에서 가져온 requirements를 적용할 수도 있습니다. 우선순위 상세는 보안 페이지를 확인하세요.
<ConfigTable options={[ { key: "allowed_approval_policies", type: "array<string>", description: "Allowed values for `approval_policy`.", }, { key: "allowed_sandbox_modes", type: "array<string>", description: "Allowed values for `sandbox_mode`.", }, { key: "allowed_web_search_modes", type: "array<string>", description: "Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.", }, { key: "mcp_servers", type: "table", description: "Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.", }, { key: "mcp_servers.<id>.identity", type: "table", description: "Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).", }, { key: "mcp_servers.<id>.identity.command", type: "string", description: "Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.", }, { key: "mcp_servers.<id>.identity.url", type: "string", description: "Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.", }, { key: "rules", type: "table", description: "Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.", }, { key: "rules.prefix_rules", type: "array<table>", description: "List of enforced prefix rules. Each rule must include `pattern` and `decision`.", }, { key: "rules.prefix_rules[].pattern", type: "array<table>", description: "Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.", }, { key: "rules.prefix_rules[].pattern[].token", type: "string", description: "A single literal token at this position.", }, { key: "rules.prefix_rules[].pattern[].any_of", type: "array<string>", description: "A list of allowed alternative tokens at this position.", }, { key: "rules.prefix_rules[].decision", type: "prompt | forbidden", description: "Required. Requirements rules can only prompt or forbid (not allow).", }, { key: "rules.prefix_rules[].justification", type: "string", description: "Optional non-empty rationale surfaced in approval prompts or rejection messages.", }, ]} client:load/>