Skip to main content
Glama

codex_request_async

Destructive

Start a durable background Codex CLI job. Submit a prompt, then poll and collect the output later.

Instructions

Start an OpenAI Codex CLI request as a durable background job. Poll with llm_job_status, collect with llm_job_result.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
ossNoCodex --oss: use the open-source provider. New sessions only.
colorNoCodex --color: output color mode (always|never|auto). New sessions only.
modelNoModel name or alias (e.g. gpt-5.5, gpt-5.4, latest)
addDirNoCodex --add-dir <DIR>: additional writable workspace directories (repeat per entry). New sessions only. Stdio/local callers may pass local paths directly. Remote HTTP/OAuth callers must use relative paths inside a selected registered workspace. Do not call workspace_* tools to fix stdio/local provider path access.
enableNoCodex --enable <FEATURE> (repeatable): enable a feature for this run (equivalent to -c features.<name>=true). Accepted on resume.
imagesNoCodex -i <path>: image attachments.
promptNoPrompt text for Codex (mutually exclusive with promptParts)
searchNoDEPRECATED compatibility input: accepted but ignored because current Codex exec no longer accepts --search.
disableNoCodex --disable <FEATURE> (repeatable): disable a feature for this run (equivalent to -c features.<name>=false). Accepted on resume.
profileNoCodex --profile <name>.
fullAutoNoDEPRECATED: prefer `sandboxMode`. Expands to `--sandbox workspace-write`; current Codex no longer accepts approval-policy flags.
worktreeNoSlice λ: run this request inside a dedicated git worktree owned by the gateway. `true` creates a fresh worktree at `<repoRoot>/.worktrees/<uuid>` branched from HEAD. `{ name?, ref? }` lets the caller supply a sanitized name and/or a git ref (default: HEAD). When the request carries a sessionId and the session already has a worktree, that worktree is reused. The gateway spawns the child CLI with `cwd: <worktree-path>` — no `-w`/`--worktree` flag is ever emitted to the underlying CLI. On session_delete or TTL eviction the gateway runs `git worktree remove --force`. Successful responses are prefixed with `[gateway] worktree=<absolute-path>\n` so callers can use the path. NOTE: callers should `.gitignore` the `.worktrees/` directory in their repo (the gateway does NOT auto-gitignore — see slice λ spec Q4).
ephemeralNoCodex --ephemeral.
sessionIdNoCodex session UUID to resume via `codex exec resume <ID>`. Must be a real Codex session ID (from `~/.codex/sessions/` or the `codex resume` picker). Gateway-generated `gw-*` IDs are rejected. For a brand-new session no resumable sessionId is returned; continue with resumeLatest:true or a real Codex UUID.
workspaceNoRegistered workspace alias for remote HTTP/OAuth provider calls. Do not use this field, workspace_list, or workspace_register_existing_repo as a fallback for stdio/local provider path access; pass workingDir/addDir/includeDirs directly instead.
mcpServersNoMCP server names for approval tracking (Codex manages its own MCP config)
workingDirNoCodex -C/--cd <DIR>: working root for this session. New sessions only; resume inherits the original session's cwd. Stdio/local callers may pass local paths directly. Remote HTTP/OAuth callers must use relative paths inside a selected registered workspace. Do not call workspace_* tools to fix stdio/local provider path access.
ignoreRulesNoCodex --ignore-rules.
promptPartsNoCache-aware structured prompt: { system?, tools?, context?, task }. Mutually exclusive with prompt. Stable parts hash into cache_state for prefix-discipline tracking.
sandboxModeNoCodex --sandbox. Omit = Codex exec built-in default (read-only; cannot write files). Pass workspace-write to let Codex edit files in the working dir, or danger-full-access for unrestricted access.
forceRefreshNoBypass dedup and force a fresh CLI run even if a recent identical request exists
outputFormatNoCodex caller-facing output format. Token/cache usage is recorded in the flight recorder regardless. `text` (default) returns the plain reply; `json` returns the raw `--json` JSONL event stream.text
outputSchemaNoCodex --output-schema. Pass a path (string) or an inline JSON Schema object.
resumeLatestNoResume the most recent Codex session via `codex exec resume --last`. Ignored if sessionId is set. A brand-new session returns no resumable sessionId; continue with resumeLatest:true or a real Codex UUID.
strictConfigNoCodex --strict-config: error out when config.toml contains fields not recognized by this Codex version. New sessions only.
correlationIdNoRequest trace ID (auto if omitted)
idleTimeoutMsNoIdle timeout in ms (min 30s, max 1h, omit=CLI default)
localProviderNoCodex --local-provider: local OSS provider (lmstudio|ollama), used with oss. New sessions only.
approvalPolicyNoApproval policy when approvalStrategy is mcp_managed: strict|balanced|permissive (default balanced). Ignored under legacy strategy.
askForApprovalNoDEPRECATED compatibility input: accepted but ignored because current Codex no longer accepts --ask-for-approval.
optimizePromptNoOptimize prompt before execution
configOverridesNoCodex -c key=value overrides. Keys: /^[a-zA-Z0-9._]+$/. Values: no CR/LF.
approvalStrategyNoApproval strategy: legacy (default) lets the provider CLI's own flags decide; mcp_managed routes the run through the gateway approval gate (required for approvalPolicy and approval_list). Under mcp_managed the caller's permissionMode/alwaysApprove may be overridden by the gate.legacy
compressResponseNoCompress the response display text when collected via llm_job_result (native compressor; default: [compression].enabled).
createNewSessionNoForce a fresh session (no resume)
ignoreUserConfigNoCodex --ignore-user-config.
outputLastMessageNoCodex -o/--output-last-message <FILE>: write the agent's last message to a file. New sessions only.
useLegacyFullAutoFlagNoDEPRECATED compatibility input: accepted but ignored because current Codex no longer accepts --full-auto.
dangerouslyBypassHookTrustNoCodex --dangerously-bypass-hook-trust: run enabled hooks without persisted hook trust for this invocation. DANGEROUS. Explicit opt-in; never defaulted on.
dangerouslyBypassApprovalsAndSandboxNoRun Codex without approvals/sandbox
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already indicate destructiveHint=true and readOnlyHint=false, so the agent knows this can modify state. The description adds that the job is 'durable' and runs in the background, but does not elaborate on specific side effects, permissions, or rate limits beyond what annotations convey. It minimally extends the behavioral context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise: two sentences that front-load the purpose and immediately guide the agent on next steps. Every word earns its place with no redundancy or fluff.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the high complexity (40 parameters, no output schema), the description is minimal and does not explain return values, error handling, or parameter interactions. It is adequate for the high-level goal but leaves gaps that the agent must infer from the schema or other tools.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema fully documents each parameter. The description adds no additional meaning for individual parameters; it only provides overall usage context. Baseline is 3 as per rubric.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool starts an OpenAI Codex CLI request as a durable background job, using a specific verb ('Start') and resource. It distinguishes itself from sibling tools like codex_request (synchronous) and other model-specific async tools by explicitly mentioning the async pattern and referencing llm_job_status and llm_job_result for polling and collection.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear guidelines on how to use the tool: start the job, then poll with llm_job_status and collect with llm_job_result. This effectively tells the agent when to use this tool versus alternatives for asynchronous operations. It does not explicitly state when not to use it, but the context is sufficient.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/verivus-oss/llm-cli-gateway'

If you have feedback or need assistance with the MCP directory API, please join our Discord server