Team Config groups the files teams use to standardize Codex for their organization. Use it to share defaults, rules, and skills without duplicating setup in every local configuration.
What Team Config includes
| Type | Path | Use it to |
|---|---|---|
| Config basics | config.toml | Set defaults for sandbox mode, approvals, model, reasoning effort, and more. |
| Rules | rules/ | Control which commands Codex can run outside the sandbox. |
| Skills | skills/ | Make shared skills available to your team. |
Where Team Config lives
Codex loads Team Config from these locations in order of precedence (highest to lowest):
$CWD/.codex/(current working directory)$CWD/../.codex/(parent folders above CWD when inside a repo)$REPO_ROOT/.codex/(repo root when inside a repo)$CODEX_HOME(defaults to~/.codex/)/etc/codex/
Each location can include config.toml, rules/, and skills/.
Requirements enforce constraints
Use requirements.toml to constrain defaults like sandbox_mode and approval_policy. Requirements override all defaults, regardless of location, and the UI prevents selecting conflicting values.
Supported clients
Team Config works in:
- CLI
- IDE extensions (VS Code, Cursor, and the Codex app)
FAQ
Difference between requirements and admin defaults
Admin defaults are a baseline for new machines or automation. Higher-precedence layers or in-session UI changes can override them.
Requirements are constraints that enforce allowed values for a limited set of properties like sandbox mode and approval policy. Users can’t run Codex with conflicting values.