Agent-Ex

OpenAI Codex

CLIIDE extensionappweb
OpenAI Codex is strongest on nested filesystem scoping and policy-enforced local clients. AGENTS.md walks from global scope down to CWD with override files at each level; requirements.toml provides admin-enforced controls that users cannot override. Skills are the authoring format with six scope tiers; plugins are the installable distribution unit with three marketplace tiers and bundled hooks support.

AGENTS.md Instructions

Instructions
Vendor Terms AGENTS.md, AGENTS.override.md, custom instructions, agents.md standard
Interfaces CLI, IDE extension, app
Scopes
User / HomeProject / Repo RootSubdirectory / Folder
Availability current (explicit)
Trust Model Contextual guidance loaded at run start; more specific files override by concatenation order
Notes Discovery chain walks from global (~/.codex) to CWD checking override then standard per directory; combined size capped at 32 KiB; links to official agents.md cross-vendor standard
Customization ↗AGENTS.md guide ↗

Memories

Instructions
Vendor Terms memories, learned context, Chronicle
Interfaces CLI, IDE extension, app
Scopes
User / Home
Availability current (explicit)
Trust Model Persistent learned context, not user-authored instructions; background processing after threads go idle
Notes Off by default; not available in EEA/UK/Switzerland; Chronicle (research preview, macOS only) augments memories with screen-context captures; secret redaction applied
Memories ↗Chronicle ↗

Skills

Skills
Vendor Terms agent skills, SKILL.md, .agents/skills, $skill-creator
Interfaces CLI, IDE extension, app
Scopes
Subdirectory / FolderProject / Repo RootUser / HomeMachine / Admin
Availability current (explicit)
Trust Model Reusable workflows loaded progressively; skills are the authoring format, plugins are the distribution unit
Notes Six scope tiers from repo to system-bundled; explicit ($-mention) and implicit (description matching) invocation; based on open Agent Skills standard (agentskills.io); can declare MCP dependencies for auto-wiring
Agent Skills ↗Plugins ↗

Custom Prompts (deprecated)

Prompts
Vendor Terms custom prompts, slash commands
Interfaces CLI, IDE extension
Scopes
User / Home
Availability deprecated (explicit)
Trust Model User-local reusable prompt templates with argument placeholders; not shared through repositories
Notes Deprecated in favor of skills; Markdown files in ~/.codex/prompts/ invoked as /prompts:name
Custom Prompts ↗

MCP Servers

MCP & Tools
Vendor Terms MCP servers, OAuth authentication, remote MCP
Interfaces CLI, IDE extension, app
Scopes
User / HomeProject / Repo Root
Availability current (explicit)
Trust Model Destructive tool calls always require approval; enterprise allowlist enforces name + identity matching
Notes STDIO and streamable HTTP transports; remote MCP stdio experimental; OAuth via codex mcp login; per-tool approval modes (auto/prompt/approve) with allow/deny lists; plugin-provided servers supported
MCP ↗Agent approvals and security ↗

Subagents

Agents
Vendor Terms subagents, custom agents, agent threads, spawn_agents_on_csv
Interfaces app, CLI
Scopes
User / HomeProject / Repo RootCloud / Web Session
Availability current (explicit)
Trust Model Isolated workers that inherit parent sandbox policy; approval requests surface from inactive threads
Notes Enabled by default; built-in default/worker/explorer agents; custom agents via TOML files with model and reasoning effort selection; spawn_agents_on_csv (experimental) for batch processing with structured output; max 6 threads
Subagents ↗Subagent concepts ↗

Hooks

Hooks
Vendor Terms hooks, hook events, managed hooks
Interfaces CLI, IDE extension
Scopes
User / HomeProject / Repo Root
Availability current (explicit)
Trust Model Deterministic scripts that run on lifecycle events; non-managed hooks require hash-based trust review; enterprise managed hooks via requirements.toml
Notes 10 lifecycle events including PermissionRequest, SubagentStart/Stop, PreCompact/PostCompact; PreToolUse can deny or rewrite tool calls; managed hooks via requirements.toml; plugin-bundled hooks supported
Hooks ↗Enterprise governance ↗

Plugins

Plugins & Distribution
Vendor Terms plugins, marketplace, plugin manifest, plugin directory
Interfaces app, CLI, IDE extension
Scopes
Project / Repo RootUser / Home
Availability current (explicit)
Trust Model Packaging layer for reuse; existing approval settings apply; marketplace policy fields control install behavior
Notes Bundles skills, app integrations, hooks, and MCP servers; three marketplace tiers (Curated, Shared, Created); plugin directory in App and CLI; built-in $plugin-creator for scaffolding
Plugins ↗Build plugins ↗

Configuration, Rules, and Requirements

Settings & Policy
Vendor Terms config.toml, requirements.toml, managed configuration, rules, Starlark
Interfaces CLI, IDE extension, app, web
Scopes
User / HomeProject / Repo RootSubdirectory / FolderMachine / AdminCloud / Web SessionOrganization / Enterprise
Availability current (explicit)
Trust Model Admin-enforced requirements cannot be overridden; OS-level sandbox (macOS Seatbelt, Linux bwrap+seccomp)
Notes Requirements are admin-enforced and cannot be overridden; Starlark-based rules (experimental) with prefix_rule() and tree-sitter shell parsing; cloud-managed requirements for Business/Enterprise; 4-level feature maturity taxonomy
Config basics ↗Configuration reference ↗Managed configuration ↗
Data last updated 2026-06-01 · Auto-generated from upstream docs and may be inaccurate · Source on GitHub