Hidden CLI Commands and Flags#
The Codex CLI (codex-rs) uses clap for argument parsing. Commands and flags marked #[clap(hide = true)] or hide = true are fully functional but intentionally omitted from --help output and shell completions. They fall into four categories: internal plumbing, deprecated flags, experimental/advanced options, and debug tooling.
All entries below are defined in codex-rs/cli/src/main.rs unless otherwise noted.
Hidden Top-Level Subcommands#
These variants in enum Subcommand are hidden from codex --help:
| Subcommand | Description |
|---|---|
execpolicy check | Validate execpolicy files against a command. Entry point for the ExecPolicyCheckCommand |
responses-api-proxy | Internal: run the Responses API proxy server |
stdio-to-uds <SOCKET_PATH> | Internal: relay stdio bytes to a Unix domain socket |
Note:
app-server,remote-control, andexec-servercarry[experimental]labels in their help text but are not hidden — they appear incodex --help.
Hidden debug Subcommands#
codex debug is visible, but two of its sub-subcommands are hidden :
| Subcommand | Description |
|---|---|
debug trace-reduce <TRACE_BUNDLE> | Replay a rollout trace bundle and write reduced state JSON. Accepts --output / -o for the output path |
debug clear-memories | Internal: wipe local memory state (SQLite DB + memory-root directories) for a fresh start |
Visible debug subcommands (for context): debug models, debug app-server send-message-v2, debug prompt-input.
Hidden app-server Subcommands and Flags#
Within the app-server subcommand tree :
| Item | Description |
|---|---|
app-server generate-internal-json-schema -o <DIR> | Generate internal JSON Schema artifacts for Codex tooling |
app-server daemon pid-update-loop | Internal: run the detached PID-backed standalone updater loop |
app-server --remote-control | Enable remote control for this app-server process (flag, hidden) |
Hidden login Flags#
Defined in LoginCommand:
| Flag | Description |
|---|---|
--api-key | Deprecated. Previously accepted the API key inline; now exits with guidance to use --with-api-key (stdin pipe) instead |
--experimental_issuer <URL> | Override the OAuth issuer base URL — advanced, experimental |
--experimental_client-id <CLIENT_ID> | Override the OAuth client ID — advanced, experimental |
The --experimental_issuer and --experimental_client-id flags are consumed by run_login_with_device_code when --device-auth is set.
Hidden exec Flag#
Defined in codex-rs/exec/src/cli.rs:
| Flag | Description |
|---|---|
--full-auto | Legacy trap. Accepts the removed flag and prints a migration warning: use --sandbox workspace-write instead |
The migration message is surfaced via removed_full_auto_warning(). The flag is global = true, so it's accepted anywhere in the codex exec command tree.
Hidden Linux Sandbox Helper Flags#
The Linux sandbox binary (codex-linux-sandbox) exposes these flags internally; they are set programmatically by the parent Codex process — not by end users. Defined in LandlockCommand:
| Flag | Description |
|---|---|
--command-cwd | Logical working directory for the sandboxed command (may differ from --sandbox-policy-cwd) |
--permission-profile <JSON> | Canonical runtime permissions as serialized JSON |
--use-legacy-landlock | Opt into the legacy Landlock-only sandbox instead of the default bubblewrap pipeline |
--apply-seccomp-then-exec | Two-stage internal flag: apply seccomp + no_new_privs inside the bubblewrap container, then exec |
--allow-network-for-proxy | Switch sandbox networking to proxy-only mode with managed routing bridges |
--proxy-route-spec <SPEC> | Internal route spec for managed proxy routing in bwrap mode |
These flags are assembled by build_inner_seccomp_command when constructing the two-stage bubblewrap + seccomp pipeline.
Commonly Confused: Visible but Dangerous#
These options are not hidden but are easily overlooked:
--dangerously-bypass-approvals-and-sandbox(alias--yolo) — skips all confirmation prompts and sandbox--dangerously-bypass-hook-trust— runs hooks without persisted trust--enable <FEATURE>/--disable <FEATURE>— global feature-flag toggles, equivalent to-c features.<name>=true/false
