This is the deeper environment catalog for Codex Manager operators.
Use it when setup-and-run.md is not enough and you need exact variable behavior, defaults, and tuning guidance for API supervision, queue runtime, and extension governance.
This reference covers variables read by the API process (apps/api) and its supervised runtime behavior.
For web env variables, see apps/web/.env.example and keep browser-exposed values limited to VITE_* keys.
From apps/api/.env.example:
- `HOST` (default `127.0.0.1`)
- `PORT` (default `3001`)
- `LOG_LEVEL` (default `info`)
- `DATA_DIR` (default `.data`)
Operational guidance:
- Keep `HOST` loopback by default for local-first posture.
- Keep runtime artifacts under `.data/` (or another ignored runtime path).
- `CODEX_BIN`
  - Binary path/name for launching app-server (default uses `codex` on `PATH`).
- `CODEX_HOME`
  - Codex home directory used by supervised runtime.
  - Repo-local value (for example `.data/codex-home`) keeps local dev deterministic.
- `OPENAI_API_KEY`
  - API-key auth path when Codex auth state is not already present in `CODEX_HOME/auth.json`.
Credential source behavior:
- On API startup, if `CODEX_HOME` is set and `CODEX_HOME/auth.json` is missing, codex-manager attempts a one-time bootstrap copy from `~/.codex/auth.json`.
- If `CODEX_HOME/auth.json` already exists, no bootstrap copy is performed.
- If `CODEX_HOME` is unset, bootstrap copy is skipped.
Health/auth signal:
- `GET /api/health` exposes `auth.hasOpenAiApiKey`, `auth.codexHomeAuthFile`, and `auth.likelyUnauthenticated`.
- `likelyUnauthenticated` is a heuristic: it is `true` only when both `OPENAI_API_KEY` is absent and `CODEX_HOME/auth.json` is not present.
- For deterministic local behavior, prefer setting `CODEX_HOME` explicitly (for example `.data/codex-home`) and keeping auth state there.
Baseline session defaults applied on thread lifecycle calls:
- `DEFAULT_APPROVAL_POLICY`: `untrusted | on-failure | on-request | never`
- `DEFAULT_SANDBOX_MODE`: `read-only | workspace-write | danger-full-access`
- `DEFAULT_NETWORK_ACCESS`: `restricted | enabled`
- `SESSION_DEFAULTS_LOCKED`: `true|false`
  - when `true`, default scope is harness-controlled and read-only from UI default-edit flows.
Queue enablement and capacity:
- `ORCHESTRATOR_QUEUE_ENABLED`
- `ORCHESTRATOR_QUEUE_GLOBAL_CONCURRENCY`
- `ORCHESTRATOR_QUEUE_MAX_PER_PROJECT`
- `ORCHESTRATOR_QUEUE_MAX_GLOBAL`
Retry/timeout controls:
- `ORCHESTRATOR_QUEUE_MAX_ATTEMPTS`
- `ORCHESTRATOR_QUEUE_DEFAULT_TIMEOUT_MS`
- `ORCHESTRATOR_QUEUE_BACKGROUND_AGING_MS`
- `ORCHESTRATOR_QUEUE_MAX_INTERACTIVE_BURST`
Suggest-request controls:
- `ORCHESTRATOR_SUGGEST_REQUEST_ENABLED`
- `ORCHESTRATOR_SUGGEST_REQUEST_WAIT_MS`
Worker turn settlement controls:
- `ORCHESTRATOR_AGENT_TURN_TIMEOUT_MS`
- `ORCHESTRATOR_AGENT_POLL_INTERVAL_MS`
- `ORCHESTRATOR_AGENT_INCLUDE_TURNS_GRACE_MS`
- `ORCHESTRATOR_AGENT_UNTRUSTED_TERMINAL_GRACE_MS`
- `ORCHESTRATOR_AGENT_EMPTY_TURN_GRACE_MS`
Practical guidance:
- Increase capacity only after validating memory/latency headroom.
- Keep timeout/grace values balanced to avoid both premature failures and multi-minute phantom stalls.
- Validate changes with `pnpm smoke:runtime` plus queue-focused scenarios.
RBAC mode and credentials:
- `AGENT_EXTENSION_RBAC_MODE=disabled|header|jwt`
- `AGENT_EXTENSION_RBAC_HEADER_SECRET`
- `AGENT_EXTENSION_ALLOW_INSECURE_HEADER_MODE=true|false`
- `AGENT_EXTENSION_RBAC_JWT_SECRET`
- `AGENT_EXTENSION_RBAC_JWT_ISSUER`
- `AGENT_EXTENSION_RBAC_JWT_AUDIENCE`
- `AGENT_EXTENSION_RBAC_JWT_ROLE_CLAIM`
- `AGENT_EXTENSION_RBAC_JWT_ACTOR_CLAIM`

Trust mode:
- `AGENT_EXTENSION_TRUST_MODE=disabled|warn|enforced`

Extension roots:
- `AGENT_EXTENSION_PACKAGE_ROOTS`
- `AGENT_EXTENSION_CONFIGURED_ROOTS`
Guidance:
- For local dev, `disabled` RBAC + loopback host is acceptable.
- For shared operator environments, use `jwt` or secured `header` mode.
- Use `enforced` trust mode only when capability declarations are complete.
Local guarded profile (recommended default):
- approval: `untrusted`
- sandbox: `read-only`
- network: `restricted`
- queue enabled, moderate concurrency.
Automation-heavy local profile:
- approval: `never` for dedicated automation sessions only.
- sandbox/network relaxed for trusted runs.
- explicit extension trust/RBAC controls enabled.
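A preflight check that applies the RBAC guidance, the profile guidance, and the `likelyUnauthenticated` heuristic described above to a set of env values. This is an added example, not codex-manager code: `auditEnv`, the finding labels, the caller-supplied `authFileExists` flag, and the reading of "secured" header mode and of `jwt` mode as requiring their secrets are assumptions.

```javascript
// Added example (not codex-manager code): audit API env values against the
// guidance on this page. Function name and finding labels are hypothetical.
const LOOPBACK_HOSTS = new Set(["127.0.0.1", "::1", "localhost"]);

// env: plain object of env values; authFileExists: whether
// CODEX_HOME/auth.json is present (supplied by the caller).
function auditEnv(env, authFileExists) {
  const findings = [];
  const host = env.HOST || "127.0.0.1"; // documented default
  const exposed = !LOOPBACK_HOSTS.has(host);
  const rbac = env.AGENT_EXTENSION_RBAC_MODE;

  // Disabled RBAC is acceptable only together with a loopback host.
  if (exposed && rbac !== "jwt" && rbac !== "header") {
    findings.push("rbac-off-on-exposed-host");
  }
  // Assumption: "secured" header mode means a secret is set and the
  // insecure-header override is not switched on.
  if (rbac === "header" &&
      (!env.AGENT_EXTENSION_RBAC_HEADER_SECRET ||
       env.AGENT_EXTENSION_ALLOW_INSECURE_HEADER_MODE === "true")) {
    findings.push("header-mode-not-secured");
  }
  // Assumption: jwt mode needs AGENT_EXTENSION_RBAC_JWT_SECRET to be set.
  if (rbac === "jwt" && !env.AGENT_EXTENSION_RBAC_JWT_SECRET) {
    findings.push("jwt-secret-missing");
  }
  // `never` is for dedicated automation sessions, not the baseline default.
  if (env.DEFAULT_APPROVAL_POLICY === "never") {
    findings.push("approval-never-as-default");
  }
  // Same condition as auth.likelyUnauthenticated in GET /api/health.
  if (!env.OPENAI_API_KEY && !authFileExists) {
    findings.push("likely-unauthenticated");
  }
  return findings;
}

// Constructed sample environments (not taken from a real deployment).
const guardedEnv = { AGENT_EXTENSION_RBAC_MODE: "disabled",
  DEFAULT_APPROVAL_POLICY: "untrusted", DEFAULT_SANDBOX_MODE: "read-only" };
const sharedEnv = { HOST: "0.0.0.0", AGENT_EXTENSION_RBAC_MODE: "disabled",
  DEFAULT_APPROVAL_POLICY: "never" };

console.log("guarded:", auditEnv(guardedEnv, true));
console.log("shared:", auditEnv(sharedEnv, false));
```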
When changing env-driven behavior:
- Update the relevant operations doc in the same commit.
- Re-run type/test/smoke/conformance commands.
- Verify `GET /api/health` and queue/extension endpoints reflect expected state.

- Setup and first run: `setup-and-run.md`
- Queue runtime deep dive: `agent-queue-runtime-semantics.md`
- Queue event/payload contracts: `agent-queue-event-and-job-contracts.md`
- Extension lifecycle governance: `agent-extension-lifecycle-and-conformance.md`
- Troubleshooting: `troubleshooting.md`