Ability to disable built-in tools for MCP-only execution #6049
Description
Problem Statement
When running codex exec in headless/automated environments, there is currently no way to restrict the agent to only use MCP (Model Context Protocol) tools. This creates potential security and control concerns when you want to limit the agent's capabilities to a specific set of custom tools.
Proposed Solution
Add a configuration option (CLI flag or config setting) to disable Codex's built-in tools while keeping MCP tools available. This would enable:
- Minimum requirement: Ability to disable shell command execution
- Ideal solution: Ability to disable all built-in tools (shell, file operations, plan, apply_patch) for true MCP-only mode
Use Cases
- Running codex exec in production/headless environments with restricted capabilities
- Enforcing security policies that prevent arbitrary shell execution
- Custom workflows that rely exclusively on carefully designed MCP tools
- Better control over agent behavior in automated systems
Suggested Implementation
A --disable-builtin-tools flag (or similar) that:
- Disables built-in tools (shell, file operations, plan, apply_patch)
- Keeps MCP tools, web_search, and view_image available
- Provides clear feedback when disabled tools are attempted
Related
This request is based on PR #5001 which was closed as community contributions are not currently being accepted. However, the functionality would be valuable for users who need greater control over agent capabilities in production environments.
Thank you for considering this feature request!