Skip to main content

Overview

CodexBar stores all provider configurations in a single JSON file at ~/.codexbar/config.json. This file contains:
  • Provider enable/disable toggles
  • Authentication credentials (API keys, cookies)
  • Source mode preferences (CLI, web, OAuth, API)
  • Provider-specific settings (region, workspace ID)
Security: The config file contains sensitive credentials. CodexBar sets file permissions to 0600 (owner read/write only) automatically.

File Location

  • Path: ~/.codexbar/config.json
  • Permissions: 0600 (enforced on macOS and Linux)
  • Auto-created: If missing, CodexBar creates it with default settings

Schema

Root Structure

{
  "version": 1,
  "providers": [
    // Array of ProviderConfig objects
  ]
}
FieldTypeRequiredDescription
versionnumberYesConfig schema version (currently 1)
providersarrayYesList of provider configurations

Provider Configuration

{
  "id": "codex",
  "enabled": true,
  "source": "auto",
  "cookieSource": "auto",
  "cookieHeader": null,
  "apiKey": null,
  "region": null,
  "workspaceID": null,
  "tokenAccounts": null
}
FieldTypeRequiredDescription
idstringYesProvider identifier (see Provider IDs)
enabledbooleanNoEnable/disable provider (defaults to provider default)
sourcestringNoPreferred source mode: auto, web, cli, oauth, api
cookieSourcestringNoCookie policy: auto (browser import), manual, off
cookieHeaderstringNoRaw cookie header for manual cookie mode
apiKeystringNoAPI token for providers with API support
regionstringNoProvider-specific region (e.g., zai, minimax)
workspaceIDstringNoWorkspace identifier (e.g., opencode)
tokenAccountsobjectNoMulti-account token data (see Token Accounts)

Provider IDs

Valid provider identifiers: 
codex, claude, cursor, opencode, factory, gemini, antigravity, 
copilot, zai, minimax, kimi, kilo, kiro, vertexai, augment, 
jetbrains, kimik2, amp, ollama, synthetic, warp, openrouter
Provider order in the providers array controls display order in the app and CLI. Reorder the array to change menu bar icon sequence.

Source Modes

ModeDescriptionAvailability
autoUses provider-specific fallback orderAll providers
webForce browser cookie authenticationWeb-capable providers
cliForce CLI tool invocationCLI-capable providers
oauthForce OAuth flowClaude, Gemini, Copilot
apiForce API key authenticationProviders with API support
Each provider has a default fallback order when auto is selected. See individual provider docs for details.
SourceDescriptionUse Case
autoImport cookies from browsers automaticallyDefault for most users
manualUse cookieHeader fieldBrowser import fails or unsupported browser
offDisable cookie-based authenticationUse CLI or OAuth instead
When using cookieSource: "manual", provide the raw cookie header: 
{
  "id": "claude",
  "cookieSource": "manual",
  "cookieHeader": "sessionKey=abc123...; __cf_bm=xyz789...; intercom-session=..."
}
Cookie headers contain sensitive session tokens. Never commit config.json to version control or share it publicly.

Token Accounts

Some providers support multiple accounts with separate tokens (e.g., OpenRouter, Synthetic).

Schema

{
  "version": 1,
  "activeIndex": 0,
  "accounts": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "label": "[email protected]",
      "token": "sk-or-v1-...",
      "addedAt": 1735123456,
      "lastUsed": 1735220000
    }
  ]
}
FieldTypeRequiredDescription
versionnumberYesToken accounts schema version (currently 1)
activeIndexnumberYesIndex of the active account in the accounts array
accountsarrayYesList of account objects

Account Object

FieldTypeRequiredDescription
idstringYesUnique UUID for the account
labelstringYesDisplay name (typically email)
tokenstringYesAPI token or bearer token
addedAtnumberYesUnix timestamp when account was added
lastUsednumberNoUnix timestamp of last use

Examples

Minimal Configuration

Default providers with no customization: 
{
  "version": 1,
  "providers": [
    { "id": "codex" },
    { "id": "claude" },
    { "id": "cursor" },
    { "id": "opencode" },
    { "id": "gemini" }
  ]
}

{
  "version": 1,
  "providers": [
    {
      "id": "codex",
      "enabled": true,
      "source": "auto",
      "cookieSource": "manual",
      "cookieHeader": "__Secure-next-auth.session-token=eyJhbGc...; __cf_bm=abc..."
    }
  ]
}

Claude with OAuth and CLI Fallback

{
  "version": 1,
  "providers": [
    {
      "id": "claude",
      "enabled": true,
      "source": "oauth"
    }
  ]
}
OAuth credentials are stored in Keychain, not in config.json. The source field only controls the preferred authentication method.

z.ai with API Token and Region

{
  "version": 1,
  "providers": [
    {
      "id": "zai",
      "enabled": true,
      "apiKey": "zai_1234567890abcdef",
      "region": "us-west"
    }
  ]
}

OpenCode with Workspace ID

{
  "version": 1,
  "providers": [
    {
      "id": "opencode",
      "enabled": true,
      "workspaceID": "my-workspace-id"
    }
  ]
}

Multiple Providers with Custom Order

{
  "version": 1,
  "providers": [
    {
      "id": "claude",
      "enabled": true,
      "source": "oauth"
    },
    {
      "id": "codex",
      "enabled": true,
      "source": "cli",
      "cookieSource": "off"
    },
    {
      "id": "cursor",
      "enabled": true,
      "cookieSource": "auto"
    },
    {
      "id": "gemini",
      "enabled": false
    }
  ]
}

OpenRouter with Multi-Account Tokens

{
  "version": 1,
  "providers": [
    {
      "id": "openrouter",
      "enabled": true,
      "tokenAccounts": {
        "version": 1,
        "activeIndex": 0,
        "accounts": [
          {
            "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
            "label": "[email protected]",
            "token": "sk-or-v1-abc123...",
            "addedAt": 1735123456,
            "lastUsed": 1735220000
          },
          {
            "id": "f7e8d9c0-b1a2-3456-7890-abcdef123456",
            "label": "[email protected]",
            "token": "sk-or-v1-xyz789...",
            "addedAt": 1735130000,
            "lastUsed": null
          }
        ]
      }
    }
  ]
}

Editing the Config File

Via Settings UI

Most settings can be changed through Settings → Providers:
  • Enable/disable toggles
  • Source mode selection
  • Cookie source selection
  • API key entry
  • Region and workspace ID fields
Changes are automatically saved to config.json.

Manual Editing

  1. Quit CodexBar
  2. Open ~/.codexbar/config.json in a text editor
  3. Make changes (see examples above)
  4. Validate JSON syntax
  5. Relaunch CodexBar
Manual edits bypass validation. Invalid JSON or unsupported values may cause CodexBar to fail to launch.

Validating the Config

Use the CLI to validate your config: 
codexbar config validate
For JSON output: 
codexbar config validate --format json
Example output: 
{
  "valid": true,
  "errors": [],
  "warnings": [
    "Provider 'gemini' is disabled but has API key configured"
  ]
}

Config Normalization

CodexBar normalizes the config on load:
  1. Adds missing providers: Any provider not in the providers array is appended with defaults
  2. Removes duplicates: If a provider appears multiple times, only the first occurrence is kept
  3. Applies defaults: Omitted fields use provider-specific defaults
  4. Cleans sensitive fields: Trims whitespace and removes surrounding quotes from apiKey and cookieHeader

Migration from Legacy Storage

CodexBar previously stored credentials in Keychain and UserDefaults. Starting with v2.0, all credentials are migrated to config.json. What gets migrated:
  • Keychain-stored API tokens (z.ai, Copilot, OpenRouter, Synthetic, etc.)
  • Keychain-stored cookie headers (Codex, Claude, Cursor, Factory, etc.)
  • UserDefaults provider toggles and source modes
What stays in Keychain:
  • OAuth tokens (Claude OAuth, Gemini OAuth)
  • Browser safe storage keys (for automatic cookie decryption)
Migration happens automatically on first launch. Legacy storage is not deleted to allow rollback.

Backup and Restore

Backing Up

cp ~/.codexbar/config.json ~/.codexbar/config.json.backup

Restoring

cp ~/.codexbar/config.json.backup ~/.codexbar/config.json
Relaunch CodexBar after restoring.

Resetting to Defaults

rm ~/.codexbar/config.json
CodexBar recreates the file with default settings on next launch.
This deletes all provider configurations, API keys, and custom settings. Use “Export Settings” from the UI if you want to preserve a copy.

Troubleshooting

Symptom: CodexBar shows no providers or “Failed to load config”Solution:
  1. Check that ~/.codexbar/ directory exists
  2. Check file permissions: ls -la ~/.codexbar/config.json
  3. Recreate with: codexbar config validate (generates default config if missing)
Symptom: Manual edits to config.json are lost after relaunching CodexBarSolution:
  1. Ensure CodexBar is fully quit (check Activity Monitor)
  2. Verify JSON syntax with: python3 -m json.tool ~/.codexbar/config.json
  3. Check that file isn’t read-only: ls -la ~/.codexbar/config.json
  4. If permissions are wrong: chmod 600 ~/.codexbar/config.json
Symptom: Menu bar icons appear in wrong order despite correct providers array orderSolution:
  1. Verify the order in config.json
  2. Restart CodexBar (Quit → Relaunch, not just closing the menu)
  3. Check Settings → Providers for the order
  4. If still wrong, delete config.json and reconfigure

CLI Configuration Commands

View Current Config

codexbar config show

Validate Config

codexbar config validate

Reset Config

codexbar config reset
See the CLI Reference for more commands.

Build docs developers (and LLMs) love

Get started for freeTalk to us