You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs-site/src/content/docs/getting-started/configuration.mdx
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -109,6 +109,8 @@ After the app boots, manage operational settings from the admin UI instead of ed
109
109
110
110
Secret settings stay write-only in the UI. For example, metrics bearer material is stored as a keyed digest and SMTP credentials are stored encrypted for mail delivery and credential checks.
111
111
112
+
Gateway websocket upgrades use the admin-managed `websocket_idle_timeout_ms` setting for downstream idle close behavior. The default is `1_800_000` ms, and accepted values are `60_000..3_600_000` ms. This setting applies to new websocket upgrades on the backend Codex route and the narrow public `/v1/responses` websocket route; it is separate from upstream receive timeouts.
Copy file name to clipboardExpand all lines: docs-site/src/content/docs/operators/request-logs.mdx
+8Lines changed: 8 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -132,6 +132,14 @@ Common causes to inspect are:
132
132
133
133
The Errors column should stay safe to copy into operator tickets. It should not include raw prompts, responses, uploaded file contents, credentials, or provider payloads.
134
134
135
+
### Websocket Close Triage
136
+
137
+
Websocket request rows are created after gateway admission and reservation. If a websocket closes before a request row exists, inspect application logs for sanitized websocket close metadata instead of looking for prompt or frame content.
138
+
139
+
Safe close metadata can include route family, endpoint, transport, route class, phase, `reason_class`, elapsed milliseconds, safe session id prefixes, owner or proxy instance ids, and downstream epoch. Typical `reason_class` values include `max_frame_size_exceeded` for an oversized inbound websocket frame, `timeout` for downstream websocket idle close, and `closed` for a normal client close.
140
+
141
+
For downstream idle closes on backend Codex websockets and narrow public `/v1/responses` websockets, check the admin-managed `websocket_idle_timeout_ms` setting. Its default is `1_800_000` ms and the accepted range is `60_000..3_600_000` ms. This setting does not change upstream receive timeout classification.
142
+
135
143
## Usage Metadata
136
144
137
145
Usage lines summarize request accounting, including request count context, token totals, cached input tokens, and estimated cost when pricing is available. Treat these as operational attribution and capacity evidence. They are not a replacement for provider billing records.
@@ -185,7 +185,7 @@ Some Codex clients use `/backend-api/codex/v1` as their base URL. Codex Pooler e
185
185
<td>Backend websocket response session</td>
186
186
<td>No</td>
187
187
<td>Supported</td>
188
-
<td>Alias for the backend websocket route. Prompt-cache routing locality is excluded.</td>
188
+
<td>Alias for the backend websocket route. Prompt-cache routing locality is excluded, and the same <code>websocket_idle_timeout_ms</code> downstream idle window applies.</td>
@@ -317,7 +317,7 @@ Supported work is translated into Codex-compatible requests and then routed thro
317
317
<td>Backend Codex websocket response session</td>
318
318
<td>Partial</td>
319
319
<td>Partial</td>
320
-
<td>Narrow Responses websocket compatibility only. It is not OpenAI Realtime SDK support.</td>
320
+
<td>Narrow Responses websocket compatibility only. It is not OpenAI Realtime SDK support. It uses the same downstream idle and frame guardrails as backend Codex websockets.</td>
321
321
</tr>
322
322
<tr>
323
323
<td><code>POST /v1/chat/completions</code></td>
@@ -533,6 +533,12 @@ The root `/mcp` operator endpoint is not a bridge for `/v1/responses` remote MCP
533
533
534
534
Prompt-cache routing locality is a local routing hint. It can apply on `POST /backend-api/codex/responses`, `POST /backend-api/codex/v1/responses`, `POST /backend-api/codex/v1/chat/completions`, `POST /v1/responses`, and `POST /v1/chat/completions`. It is excluded from websocket, compact, file, audio, image, usage, and app-server helper routes.
535
535
536
+
## Websocket Guardrails
537
+
538
+
Backend Codex websocket routes and the narrow public `GET /v1/responses` websocket route use bounded downstream guardrails. `websocket_idle_timeout_ms` controls the downstream websocket idle close window for new upgrades. Its default is `1_800_000` ms, and accepted values are `60_000..3_600_000` ms.
539
+
540
+
Inbound websocket frames are also bounded by the configured gateway request body limit. Operators should treat `reason_class=max_frame_size_exceeded` as an oversized client frame, `reason_class=timeout` as downstream websocket idle close, and upstream receive timeout errors as separate upstream-side failures. These classifications are metadata-only and must not include raw websocket frames or request bodies.
541
+
536
542
## Request compression boundaries
537
543
538
544
Request compression is a per-Pool routing option named `request_compression_enabled`. It is disabled by default. When enabled, Codex Pooler may compress upstream-bound Responses tool-output content before dispatch. This is request-side only: raw outputs and upstream response bodies are not stored, and CCR/retrieval is not implemented.
0 commit comments