Skip to main content
Glama

codex_request

Destructive

Run an OpenAI Codex CLI request synchronously, automatically deferring to a pollable job if needed. Accepts a text prompt or a structured prompt with parts for cache-aware execution.

Instructions

Run an OpenAI Codex CLI request synchronously (when async jobs are enabled, auto-defers to a pollable job past the sync deadline; otherwise runs to completion). Requires exactly one of prompt or promptParts.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
ossNoCodex --oss: use the open-source provider. New sessions only.
colorNoCodex --color: output color mode (always|never|auto). New sessions only.
modelNoModel name or alias (e.g. gpt-5.5, gpt-5.4, latest)
addDirNoCodex --add-dir <DIR>: additional writable workspace directories. Emitted once per entry on new sessions only; resume inherits the original session's writable-dir policy. Stdio/local callers may pass local paths directly. Remote HTTP/OAuth callers must use relative paths inside a selected registered workspace. Do not call workspace_* tools to fix stdio/local provider path access.
enableNoCodex --enable <FEATURE> (repeatable): enable a feature for this run (equivalent to -c features.<name>=true). Accepted on resume.
imagesNoCodex -i <path>: image attachments. Each path must exist; missing paths fail fast.
promptNoPrompt text for Codex (mutually exclusive with promptParts)
searchNoDEPRECATED compatibility input: accepted but ignored because current Codex exec no longer accepts --search.
disableNoCodex --disable <FEATURE> (repeatable): disable a feature for this run (equivalent to -c features.<name>=false). Accepted on resume.
profileNoCodex --profile <name>: select a profile from ~/.codex/config.toml.
fullAutoNoDEPRECATED: prefer `sandboxMode`. Expands to `--sandbox workspace-write`; current Codex no longer accepts approval-policy flags.
worktreeNoSlice λ: run this request inside a dedicated git worktree owned by the gateway. `true` creates a fresh worktree at `<repoRoot>/.worktrees/<uuid>` branched from HEAD. `{ name?, ref? }` lets the caller supply a sanitized name and/or a git ref (default: HEAD). When the request carries a sessionId and the session already has a worktree, that worktree is reused. The gateway spawns the child CLI with `cwd: <worktree-path>` — no `-w`/`--worktree` flag is ever emitted to the underlying CLI. On session_delete or TTL eviction the gateway runs `git worktree remove --force`. Successful responses are prefixed with `[gateway] worktree=<absolute-path>\n` so callers can use the path. NOTE: callers should `.gitignore` the `.worktrees/` directory in their repo (the gateway does NOT auto-gitignore — see slice λ spec Q4).
ephemeralNoCodex --ephemeral: do not persist the session to disk.
sessionIdNoCodex session UUID to resume via `codex exec resume <ID>`. Must be a real Codex session ID (from `~/.codex/sessions/` or the `codex resume` picker). Gateway-generated `gw-*` IDs are rejected. For a brand-new session no resumable sessionId is returned; continue with resumeLatest:true or a real Codex UUID.
workspaceNoRegistered workspace alias for remote HTTP/OAuth provider calls. Do not use this field, workspace_list, or workspace_register_existing_repo as a fallback for stdio/local provider path access; pass workingDir/addDir/includeDirs directly instead.
mcpServersNoMCP server names for approval tracking (Codex manages its own MCP config)
workingDirNoCodex -C/--cd <DIR>: working root for this session. Emitted on new sessions only; resume inherits the original session's cwd via CODEX_RESUME_FILTERED_FLAGS. Stdio/local callers may pass local paths directly. Remote HTTP/OAuth callers must use relative paths inside a selected registered workspace. Do not call workspace_* tools to fix stdio/local provider path access.
ignoreRulesNoCodex --ignore-rules: skip project rule files for this run.
promptPartsNoCache-aware structured prompt: { system?, tools?, context?, task }. Mutually exclusive with prompt. Stable parts hash into cache_state for prefix-discipline tracking.
sandboxModeNoCodex --sandbox. Omit = Codex exec built-in default (read-only; cannot write files). Pass workspace-write to let Codex edit files in the working dir, or danger-full-access for unrestricted access.
forceRefreshNoBypass dedup and force a fresh CLI run even if a recent identical request exists
outputFormatNoCodex caller-facing output format. Token/cache usage is recorded in the flight recorder regardless. `text` (default) returns the plain reply; `json` returns the raw `--json` JSONL event stream.text
outputSchemaNoCodex --output-schema. Pass a path (string) or an inline JSON Schema object; object is materialised to a 0o600 temp file under os.tmpdir() and deleted after the run.
resumeLatestNoResume the most recent Codex session via `codex exec resume --last`. Ignored if sessionId is set. A brand-new session returns no resumable sessionId; continue with resumeLatest:true or a real Codex UUID.
strictConfigNoCodex --strict-config: error out when config.toml contains fields not recognized by this Codex version. New sessions only.
correlationIdNoRequest trace ID (auto if omitted)
idleTimeoutMsNoIdle timeout in ms (min 30s, max 1h, omit=CLI default)
localProviderNoCodex --local-provider: local OSS provider (lmstudio|ollama), used with oss. New sessions only.
approvalPolicyNoApproval policy when approvalStrategy is mcp_managed: strict|balanced|permissive (default balanced). Ignored under legacy strategy.
askForApprovalNoDEPRECATED compatibility input: accepted but ignored because current Codex no longer accepts --ask-for-approval.
optimizePromptNoOptimize prompt before execution
configOverridesNoCodex -c key=value overrides. Keys: /^[a-zA-Z0-9._]+$/. Values: no CR/LF.
approvalStrategyNoApproval strategy: legacy (default) lets the provider CLI's own flags decide; mcp_managed routes the run through the gateway approval gate (required for approvalPolicy and approval_list). Under mcp_managed the caller's permissionMode/alwaysApprove may be overridden by the gate.legacy
compressResponseNoCompress the response display text via the native compressor (default: [compression].enabled in config.toml, off unless opted in). Skipped for structured output.
createNewSessionNoForce a fresh session (no resume)
ignoreUserConfigNoCodex --ignore-user-config: ignore ~/.codex/config.toml for this run.
optimizeResponseNoOptimize response output
outputLastMessageNoCodex -o/--output-last-message <FILE>: write the agent's last message to a file. New sessions only.
useLegacyFullAutoFlagNoDEPRECATED compatibility input: accepted but ignored because current Codex no longer accepts --full-auto.
dangerouslyBypassHookTrustNoCodex --dangerously-bypass-hook-trust: run enabled hooks without persisted hook trust for this invocation. DANGEROUS. Explicit opt-in; never defaulted on.
dangerouslyBypassApprovalsAndSandboxNoRun Codex without approvals/sandbox
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Adds deferral behavior and mutual exclusivity constraint beyond annotations. However, given the complex tool with destructive side effects, more details on when destruction occurs would help.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Single efficient sentence with key information. Could benefit from a brief structure for such a complex tool, but avoids verbosity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Despite high complexity, description is too terse. Lacks overview of workflow, return behavior, parameter categories, or hints for common use cases. Leaves agent with many unanswered questions.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema covers all 41 parameters. The description only adds the mutual exclusivity of prompt/promptParts. Baseline 3 as schema_description_coverage is 100%.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states it runs a Codex CLI request synchronously with potential deferral. The 'synchronous' key word distinguishes from codex_request_async sibling.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Mentions synchronous vs async behavior but does not explicitly guide when to use this vs alternatives like codex_request_async or other provider tools. No exclusions or when-not-to-use.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/verivus-oss/llm-cli-gateway'

If you have feedback or need assistance with the MCP directory API, please join our Discord server