Add OpenAI Codex MCP support to Sync-McpConfig.ps1

[rjmurillo-bot]

PRD: Codex CLI TOML Configuration Support

Problem Statement

The Sync-McpConfig.ps1 script currently supports synchronizing MCP server configurations from Claude Code's .mcp.json to VS Code (.vscode/mcp.json) and Factory (.factory/mcp.json) formats. Both targets use JSON format.

Critical Blocker: Codex CLI requires TOML format configuration (.codex/config.toml) to function. Without TOML support in Sync-McpConfig.ps1, Codex CLI cannot be used in this project, which blocks users who want to use Codex as their AI coding assistant.

Secondary Issue: AGENTS.md requires Serena initialization at session start, which Codex CLI cannot perform without proper MCP configuration.

Current State

Sync-McpConfig.ps1 Capabilities

• Source: .mcp.json (Claude Code format with mcpServers root key)
• Targets: VS Code (JSON), Factory (JSON)
• Format: JSON only
• Server transformations: Serena (context/port changes for VS Code compatibility)

Gap

• No TOML format generation capability
• Codex CLI target not supported
• Users cannot sync MCP configurations to Codex

Goals

1. Enable Sync-McpConfig.ps1 to generate TOML format configuration for Codex CLI
2. Add 'codex' as a target option (alongside 'vscode' and 'factory')
3. Support both repo-local (.codex/config.toml) and user home (~/.codex/config.toml) paths
4. Implement platform-specific transformations for Codex if needed (similar to Serena transformations)
5. Maintain backward compatibility with existing JSON targets

Non-Goals

• Building MCP servers for Codex
• Modifying authentication mechanisms for AI services
• Supporting other AI CLI tools beyond Codex
• Installing or managing Codex CLI itself

Codex TOML Format Requirements

File Locations

• Repo-local: .codex/config.toml (recommended for project-specific configs)
• User home: ~/.codex/config.toml (global configs)

TOML Structure

From OpenAI Codex documentation:

[mcp_servers.server_name]
command = "executable"
args = ["arg1", "arg2"]
startup_timeout_sec = 30
tool_timeout_sec = 120
enabled = true

[mcp_servers.server_name.env]
ENV_VAR = "value"

Key Differences from JSON

Aspect	JSON (.mcp.json)	TOML (config.toml)
Root structure	{"mcpServers": {...}}	[mcp_servers.name] tables
Arrays	["item1", "item2"]	["item1", "item2"] (same)
Environment	Nested in server object	Separate [mcp_servers.name.env] table
Booleans	true/false	true/false (same)
Numbers	123	123 (same)

Example Transformation

Source (.mcp.json):

{
  "mcpServers": {
    "serena": {
      "type": "stdio",
      "command": "uvx",
      "args": ["--from", "git+https://github.com/oraios/serena", "serena", "start-mcp-server"],
      "env": {
        "SOME_VAR": "value"
      }
    }
  }
}

Target (.codex/config.toml):

[mcp_servers.serena]
command = "uvx"
args = ["--from", "git+https://github.com/oraios/serena", "serena", "start-mcp-server"]

[mcp_servers.serena.env]
SOME_VAR = "value"

Acceptance Criteria

AC1: Codex Target Support

Given Sync-McpConfig.ps1 is invoked with -Target codex
When a valid .mcp.json exists
Then the script generates .codex/config.toml in valid TOML format without errors

AC2: TOML Format Correctness

Given an .mcp.json with multiple MCP servers (serena, deepwiki, forgetful)
When syncing to Codex target
Then the generated TOML file:

• Uses [mcp_servers.name] table syntax for each server
• Preserves all server properties (command, args, type, etc.)
• Creates separate [mcp_servers.name.env] tables for environment variables
• Uses proper TOML data types (strings quoted, arrays bracketed, booleans unquoted)

AC3: SyncAll Support

Given Sync-McpConfig.ps1 is invoked with -SyncAll
When the script runs
Then it generates configurations for all three targets:

• .vscode/mcp.json (JSON)
• .factory/mcp.json (JSON)
• .codex/config.toml (TOML)

AC4: Custom Destination Path

Given Sync-McpConfig.ps1 is invoked with -Target codex -DestinationPath ~/.codex/config.toml
When the script runs
Then it writes to user home directory instead of repo-local path

AC5: Server-Specific Transformations (Future)

Given Codex requires platform-specific transformations (TBD - research needed)
When syncing to Codex target
Then the script applies necessary transformations (similar to Serena's context/port changes)

Note: Initial implementation may use pass-through (no transformations) until Codex-specific needs are identified.

AC6: Documentation

Given new Codex target support
When users review script help
Then documentation includes:

• Codex target option in SYNOPSIS and PARAMETER sections
• Example showing Codex sync: .\Sync-McpConfig.ps1 -Target codex
• TOML format explanation in DESCRIPTION
• Link to Codex MCP documentation

AC7: Test Coverage

Given new TOML generation functionality
When Pester tests run
Then tests cover:

• Basic TOML generation from JSON input
• Array formatting in TOML
• Environment variable table generation
• All three targets (vscode, factory, codex)
• SyncAll with Codex included
• Edge cases (empty servers, missing properties)

AC8: Security

Given MCP configurations may contain sensitive data
When configuration is synced
Then the script:

• Validates TOML destination is not a symlink (like JSON validation)
• Does not log or expose environment variable values
• Preserves security patterns from JSON targets

Implementation Plan

Phase 1: TOML Generation Function

1. Create ConvertTo-Toml helper function
2. Support hashtable to TOML conversion
3. Handle nested objects (env vars as separate tables)
4. Handle arrays, strings, numbers, booleans
5. Generate properly formatted TOML with correct escaping

Phase 2: Target Integration

1. Add 'codex' to ValidateSet for -Target parameter
2. Add default path resolution for Codex (.codex/config.toml)
3. Implement Codex transform logic (initially pass-through)
4. Update SyncAll to include Codex target

Phase 3: Testing

1. Create Pester tests for ConvertTo-Toml function
2. Add integration tests for Codex target
3. Test SyncAll with all three targets
4. Verify TOML output with TOML parsers

Phase 4: Documentation

1. Update script help text
2. Add Codex examples
3. Document TOML format differences
4. Add link to Codex MCP documentation

Technical Design

ConvertTo-Toml Function Signature

function ConvertTo-Toml {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [hashtable]$Data,

        [string]$TablePrefix = 'mcp_servers'
    )

    # Generate TOML string
}

Script Changes

# Add codex to ValidateSet
[ValidateSet('factory', 'vscode', 'codex')]
[string]$Target = 'vscode',

# Add default path for codex
if ($Target -eq 'codex') {
    $codexPath = Join-Path $repoRoot '.codex'
    $DestinationPath = Join-Path $codexPath 'config.toml'
}

# Add codex transform
if ($Target -eq 'codex') {
    # Generate TOML format
    $destContent = ConvertTo-Toml -Data $sourceJson['mcpServers']
} else {
    # Existing JSON logic
}

Open Questions

1. Does Codex require specific transformations like Serena? → Research during implementation
2. Should we support HTTP-type servers in TOML? (deepwiki uses "type": "http") → Yes, TOML supports all types
3. Should default target remain 'vscode' or change to detect available CLI? → Keep 'vscode' for backward compatibility
4. Should SyncAll default behavior change to include Codex? → Yes, SyncAll should sync to all three targets

Dependencies

• PowerShell 7.4+ (existing requirement)
• .mcp.json source file (existing)
• TOML validator for testing (optional, e.g., tomli Python package)

Success Metrics

• Zero errors when syncing to Codex target
• All Pester tests passing (including new TOML tests)
• Documentation complete and accurate
• Users can successfully use Codex CLI with synced MCP servers

References

• Codex MCP documentation: https://developers.openai.com/codex/mcp
• Current Sync-McpConfig.ps1: scripts/Sync-McpConfig.ps1
• Existing tests: scripts/tests/Sync-McpConfig.Tests.ps1
• TOML specification: https://toml.io/en/v1.0.0
• Issue Add OpenAI Codex MCP support to Sync-McpConfig.ps1 #804 comment with TOML format: Add OpenAI Codex MCP support to Sync-McpConfig.ps1 #804 (comment)

[traycerai]

Plan

Observations

The file:scripts/Sync-McpConfig.ps1 script already has a robust architecture for handling MCP server configurations with platform-specific transformations. The Serena server implementation (lines 182-199) serves as a template, transforming --context claude-code to --context ide and --port 24282 to --port 24283 for VS Code compatibility. Research indicates that OpenAI Codex MCP servers (primarily @cexll/codex-mcp-server, @trishchuk/codex-mcp-tool, or community variants) use standard npx execution with no documented platform-specific parameter requirements, unlike Serena's context/port transformations.

Approach

The implementation follows the existing Serena transformation pattern but adapts it for OpenAI Codex MCP servers. Since research reveals no platform-specific transformations are required for Codex (the configuration remains consistent across Claude Code, VS Code, and Factory), the focus shifts to: (1) adding detection logic for Codex server entries, (2) implementing a pass-through transformation structure for future extensibility, (3) comprehensive test coverage mirroring the Serena test patterns, and (4) documentation updates with configuration examples and security guidance for API key handling.

Implementation Steps

1. Research and Validation Phase

Verify OpenAI Codex MCP Server Configuration

• Confirm the canonical npm package name(s) for OpenAI Codex MCP servers (@cexll/codex-mcp-server, @trishchuk/codex-mcp-tool, or tuannvm/codex-mcp-server)
• Document the standard configuration structure in file:.mcp.json format
• Verify whether any platform-specific transformations are needed for VS Code or Factory (current research suggests none are required)
• Test actual Codex MCP server behavior in Claude Code, VS Code, and Factory environments if possible

Expected Configuration Format:

{
  "mcpServers": {
    "openai-codex": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@cexll/codex-mcp-server"],
      "env": {
        "OPENAI_API_KEY": "${OPENAI_API_KEY}"
      }
    }
  }
}

2. Code Implementation in Sync-McpConfig.ps1

Add Codex Detection and Transformation Logic

Locate the VS Code transformation section (after line 199 in file:scripts/Sync-McpConfig.ps1) and add Codex-specific handling:

• Implement server name detection for common Codex MCP server names: openai-codex, codex-cli, codex_cli, codex-mcp, etc.
• Create deep clone logic similar to Serena implementation (lines 184-191)
• Add transformation logic structure (even if pass-through initially) for future extensibility
• Ensure the transformation only applies when -Target vscode is specified
• Preserve original configuration for Factory target (no transformation needed)

Key Implementation Points:

• Use the same deep cloning pattern as Serena to avoid modifying source data
• Check for both ContainsKey on server name and args property existence
• Apply transformations only to the args array if modifications are needed
• Document any discovered platform-specific requirements in inline comments

Pseudo-structure (following Serena pattern at lines 182-199):

# After Serena transformation block
if ($servers.ContainsKey('openai-codex') -and $servers['openai-codex'].ContainsKey('args')) {
    # Deep clone the codex config
    $codexConfig = @{}
    foreach ($key in $servers['openai-codex'].Keys) {
        if ($key -eq 'args') {
            $codexConfig[$key] = @($servers['openai-codex']['args'])
        } else {
            $codexConfig[$key] = $servers['openai-codex'][$key]
        }
    }
    
    # Apply VS Code specific transforms (if any discovered)
    # Currently: pass-through (no transformations needed based on research)
    # Future: Add transformations here if platform differences are identified
    
    $servers['openai-codex'] = $codexConfig
}

3. Test Coverage Implementation

Extend Pester Tests in file:scripts/tests/Sync-McpConfig.Tests.ps1

Add comprehensive test coverage following the Serena test pattern (lines 309-486):

Test Categories to Implement:

1. Basic Codex Configuration Tests

   • Verify Codex server entry is preserved in VS Code output
   • Verify Codex server entry is preserved in Factory output
   • Confirm servers key transformation for VS Code
   • Confirm mcpServers key preservation for Factory

2. Transformation Tests (even if pass-through)

   • Test that Codex args array is preserved correctly
   • Test that Codex env variables are preserved
   • Test that Codex command property is unchanged
   • Verify no unintended modifications to Codex configuration

3. Multi-Server Tests

   • Test configuration with both Serena and Codex servers
   • Verify Serena transformations still work when Codex is present
   • Test with Codex, Serena, deepwiki, and forgetful all present

4. Edge Cases

   • Test Codex server without args property
   • Test Codex server with empty args array
   • Test Codex server with various naming conventions (openai-codex, codex-cli, codex_cli)
   • Test malformed Codex configuration handling

5. Security Tests

   • Verify API keys in env are not logged or exposed
   • Test symlink rejection for Codex configurations
   • Validate environment variable expansion syntax (${OPENAI_API_KEY})

Test Structure Example (following Serena pattern):

Describe 'OpenAI Codex Transformations' {
    Context 'VS Code Target' {
        It 'Preserves Codex configuration in VS Code format' { }
        It 'Applies any VS Code-specific transformations' { }
        It 'Does not modify other Codex properties' { }
    }
    
    Context 'Factory Target' {
        It 'Passes through Codex configuration unchanged' { }
    }
    
    Context 'Security' {
        It 'Does not expose API keys in output' { }
        It 'Validates environment variable syntax' { }
    }
}

4. Documentation Updates

Update Script Help Text in file:scripts/Sync-McpConfig.ps1

Modify the .DESCRIPTION section (lines 5-21):

• Add OpenAI Codex to the list of servers with specific transformations
• Document that Codex configuration is preserved across platforms (if no transformations needed)
• Note any discovered platform-specific requirements

Add Example Section:

.EXAMPLE
    # Configuration with OpenAI Codex MCP server
    # .mcp.json:
    # {
    #   "mcpServers": {
    #     "openai-codex": {
    #       "type": "stdio",
    #       "command": "npx",
    #       "args": ["-y", "@cexll/codex-mcp-server"],
    #       "env": { "OPENAI_API_KEY": "${OPENAI_API_KEY}" }
    #     }
    #   }
    # }

Update .LINK Section (line 65-68):

• Add link to OpenAI Codex MCP documentation
• Add link to @cexll/codex-mcp-server npm package
• Reference MCP server registry if applicable

Update file:scripts/README.md

Add OpenAI Codex example to the Sync-McpConfig.ps1 section (around line 268):

• Document Codex server configuration format
• Explain security best practices for API key handling
• Note that environment variable expansion is supported (${OPENAI_API_KEY})
• Warn against committing API keys directly in configuration files

5. Security Considerations

API Key Handling Documentation

Create inline comments and documentation covering:

• Use environment variable expansion: "OPENAI_API_KEY": "${OPENAI_API_KEY}"
• Never hardcode API keys in .mcp.json files
• Consider using .gitignore patterns for local configuration overrides
• Document that the script does not log or expose env values

Symlink Security

Verify existing symlink rejection logic (lines 150-156, 234-239) applies to Codex configurations:

• Source file symlink rejection
• Destination file symlink rejection
• Error messages reference security policy

6. Integration Testing

Manual Testing Checklist

Test the following scenarios:

1. Basic Functionality

   • Add Codex server to file:.mcp.json
   • Run .\scripts\Sync-McpConfig.ps1 -Target vscode
   • Verify file:.vscode/mcp.json contains Codex with servers key
   • Run .\scripts\Sync-McpConfig.ps1 -Target factory
   • Verify file:.factory/mcp.json contains Codex with mcpServers key

2. SyncAll Functionality

   • Run .\scripts\Sync-McpConfig.ps1 -SyncAll
   • Verify both Factory and VS Code configs are generated correctly
   • Confirm Serena transformations still work in VS Code output
   • Confirm Codex configuration is correct in both outputs

3. Multi-Server Configuration

   • Test with Serena, Codex, deepwiki, and forgetful all present
   • Verify each server is handled correctly
   • Confirm no cross-contamination of transformations

4. Security Validation

   • Test with OPENAI_API_KEY environment variable set
   • Verify variable expansion works in generated configs
   • Confirm no API keys are logged to console output

7. Test Execution and Validation

Run Pester Tests

.\build\scripts\Invoke-PesterTests.ps1 -TestPath "scripts/tests/Sync-McpConfig.Tests.ps1"

Expected Outcome:

• All existing tests continue to pass (58/58 baseline)
• New Codex-specific tests pass (estimate +15-20 new tests)
• Total test count: ~73-78 tests passing

PSScriptAnalyzer Validation

Invoke-ScriptAnalyzer -Path .\scripts\Sync-McpConfig.ps1

• Verify no new warnings or errors introduced
• Confirm code follows PowerShell best practices

Architecture Diagram

sequenceDiagram
    participant User
    participant SyncScript as Sync-McpConfig.ps1
    participant SourceFile as .mcp.json
    participant VSCodeFile as .vscode/mcp.json
    participant FactoryFile as .factory/mcp.json

    User->>SyncScript: Execute with -Target or -SyncAll
    SyncScript->>SourceFile: Read configuration
    SourceFile-->>SyncScript: Return mcpServers (Serena, Codex, etc.)
    
    alt Target: vscode
        SyncScript->>SyncScript: Transform mcpServers → servers
        SyncScript->>SyncScript: Apply Serena transformations<br/>(context: claude-code → ide, port: 24282 → 24283)
        SyncScript->>SyncScript: Apply Codex transformations<br/>(pass-through, no changes needed)
        SyncScript->>VSCodeFile: Write transformed config
        VSCodeFile-->>User: .vscode/mcp.json created
    else Target: factory
        SyncScript->>SyncScript: Preserve mcpServers key
        SyncScript->>SyncScript: No transformations (pass-through)
        SyncScript->>FactoryFile: Write config
        FactoryFile-->>User: .factory/mcp.json created
    else SyncAll
        SyncScript->>SyncScript: Recursive call with -Target vscode
        SyncScript->>VSCodeFile: Write VS Code config
        SyncScript->>SyncScript: Recursive call with -Target factory
        SyncScript->>FactoryFile: Write Factory config
        VSCodeFile-->>User: Both configs created
        FactoryFile-->>User: Both configs created
    end

Loading

Configuration Format Comparison

Platform	File Location	Root Key	Codex Transformations
Claude Code	file:.mcp.json	mcpServers	None (source of truth)
VS Code	file:.vscode/mcp.json	servers	None (pass-through)
Factory	file:.factory/mcp.json	mcpServers	None (pass-through)
Serena (VS Code)	file:.vscode/mcp.json	servers	Context & Port changes

Open Questions Resolution

Based on research conducted, here are answers to the ticket's open questions:

1. What are the actual OpenAI Codex MCP server configuration parameters?

   • Standard MCP stdio configuration: command, args, env, type
   • Common packages: @cexll/codex-mcp-server, @trishchuk/codex-mcp-tool
   • Requires OPENAI_API_KEY environment variable

2. Are there VS Code-specific requirements for Codex?

   • No platform-specific transformations discovered (unlike Serena)
   • Configuration remains consistent across platforms
   • Only root key transformation needed (mcpServers → servers)

3. Does Factory require different Codex configuration than Claude Code?

   • No, Factory uses identical format to Claude Code (mcpServers key)
   • Pass-through configuration (no transformations)

4. How should API keys be handled?

   • Use environment variable expansion: ${OPENAI_API_KEY}
   • Never commit hardcoded API keys
   • Document security best practices in script help and README

5. What is the official package name for OpenAI Codex MCP server?

   • Multiple community implementations exist
   • Most common: @cexll/codex-mcp-server
   • Alternative: @trishchuk/codex-mcp-tool, tuannvm/codex-mcp-server
   • Document all variants in help text

Success Criteria Validation

All acceptance criteria from the ticket will be met:

• AC1: Script processes Codex entries without errors ✓
• AC2: VS Code transformations applied (pass-through if no changes needed) ✓
• AC3: Factory compatibility maintained (pass-through) ✓
• AC4: Documentation includes examples, transformations, and links ✓
• AC5: Test coverage for all scenarios ✓
• AC6: Security validation for API keys and symlinks ✓

Import In IDE

🤖 Prompt for AI Agents

## Observations

The `file:scripts/Sync-McpConfig.ps1` script already has a robust architecture for handling MCP server configurations with platform-specific transformations. The Serena server implementation (lines 182-199) serves as a template, transforming `--context claude-code` to `--context ide` and `--port 24282` to `--port 24283` for VS Code compatibility. Research indicates that OpenAI Codex MCP servers (primarily `@cexll/codex-mcp-server`, `@trishchuk/codex-mcp-tool`, or community variants) use standard `npx` execution with no documented platform-specific parameter requirements, unlike Serena's context/port transformations.

## Approach

The implementation follows the existing Serena transformation pattern but adapts it for OpenAI Codex MCP servers. Since research reveals no platform-specific transformations are required for Codex (the configuration remains consistent across Claude Code, VS Code, and Factory), the focus shifts to: (1) adding detection logic for Codex server entries, (2) implementing a pass-through transformation structure for future extensibility, (3) comprehensive test coverage mirroring the Serena test patterns, and (4) documentation updates with configuration examples and security guidance for API key handling.

## Implementation Steps

### 1. Research and Validation Phase

**Verify OpenAI Codex MCP Server Configuration**
- Confirm the canonical npm package name(s) for OpenAI Codex MCP servers (`@cexll/codex-mcp-server`, `@trishchuk/codex-mcp-tool`, or `tuannvm/codex-mcp-server`)
- Document the standard configuration structure in `file:.mcp.json` format
- Verify whether any platform-specific transformations are needed for VS Code or Factory (current research suggests none are required)
- Test actual Codex MCP server behavior in Claude Code, VS Code, and Factory environments if possible

**Expected Configuration Format**:
```json
{
  "mcpServers": {
    "openai-codex": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@cexll/codex-mcp-server"],
      "env": {
        "OPENAI_API_KEY": "${OPENAI_API_KEY}"
      }
    }
  }
}
```

### 2. Code Implementation in Sync-McpConfig.ps1

**Add Codex Detection and Transformation Logic**

Locate the VS Code transformation section (after line 199 in `file:scripts/Sync-McpConfig.ps1`) and add Codex-specific handling:

- Implement server name detection for common Codex MCP server names: `openai-codex`, `codex-cli`, `codex_cli`, `codex-mcp`, etc.
- Create deep clone logic similar to Serena implementation (lines 184-191)
- Add transformation logic structure (even if pass-through initially) for future extensibility
- Ensure the transformation only applies when `-Target vscode` is specified
- Preserve original configuration for Factory target (no transformation needed)

**Key Implementation Points**:
- Use the same deep cloning pattern as Serena to avoid modifying source data
- Check for both `ContainsKey` on server name and `args` property existence
- Apply transformations only to the `args` array if modifications are needed
- Document any discovered platform-specific requirements in inline comments

**Pseudo-structure** (following Serena pattern at lines 182-199):
```powershell
# After Serena transformation block
if ($servers.ContainsKey('openai-codex') -and $servers['openai-codex'].ContainsKey('args')) {
    # Deep clone the codex config
    $codexConfig = @{}
    foreach ($key in $servers['openai-codex'].Keys) {
        if ($key -eq 'args') {
            $codexConfig[$key] = @($servers['openai-codex']['args'])
        } else {
            $codexConfig[$key] = $servers['openai-codex'][$key]
        }
    }
    
    # Apply VS Code specific transforms (if any discovered)
    # Currently: pass-through (no transformations needed based on research)
    # Future: Add transformations here if platform differences are identified
    
    $servers['openai-codex'] = $codexConfig
}
```

### 3. Test Coverage Implementation

**Extend Pester Tests in file:scripts/tests/Sync-McpConfig.Tests.ps1**

Add comprehensive test coverage following the Serena test pattern (lines 309-486):

**Test Categories to Implement**:

1. **Basic Codex Configuration Tests**
   - Verify Codex server entry is preserved in VS Code output
   - Verify Codex server entry is preserved in Factory output
   - Confirm `servers` key transformation for VS Code
   - Confirm `mcpServers` key preservation for Factory

2. **Transformation Tests** (even if pass-through)
   - Test that Codex `args` array is preserved correctly
   - Test that Codex `env` variables are preserved
   - Test that Codex `command` property is unchanged
   - Verify no unintended modifications to Codex configuration

3. **Multi-Server Tests**
   - Test configuration with both Serena and Codex servers
   - Verify Serena transformations still work when Codex is present
   - Test with Codex, Serena, deepwiki, and forgetful all present

4. **Edge Cases**
   - Test Codex server without `args` property
   - Test Codex server with empty `args` array
   - Test Codex server with various naming conventions (`openai-codex`, `codex-cli`, `codex_cli`)
   - Test malformed Codex configuration handling

5. **Security Tests**
   - Verify API keys in `env` are not logged or exposed
   - Test symlink rejection for Codex configurations
   - Validate environment variable expansion syntax (`${OPENAI_API_KEY}`)

**Test Structure Example** (following Serena pattern):
```powershell
Describe 'OpenAI Codex Transformations' {
    Context 'VS Code Target' {
        It 'Preserves Codex configuration in VS Code format' { }
        It 'Applies any VS Code-specific transformations' { }
        It 'Does not modify other Codex properties' { }
    }
    
    Context 'Factory Target' {
        It 'Passes through Codex configuration unchanged' { }
    }
    
    Context 'Security' {
        It 'Does not expose API keys in output' { }
        It 'Validates environment variable syntax' { }
    }
}
```

### 4. Documentation Updates

**Update Script Help Text in file:scripts/Sync-McpConfig.ps1**

Modify the `.DESCRIPTION` section (lines 5-21):
- Add OpenAI Codex to the list of servers with specific transformations
- Document that Codex configuration is preserved across platforms (if no transformations needed)
- Note any discovered platform-specific requirements

**Add Example Section**:
```powershell
.EXAMPLE
    # Configuration with OpenAI Codex MCP server
    # .mcp.json:
    # {
    #   "mcpServers": {
    #     "openai-codex": {
    #       "type": "stdio",
    #       "command": "npx",
    #       "args": ["-y", "@cexll/codex-mcp-server"],
    #       "env": { "OPENAI_API_KEY": "${OPENAI_API_KEY}" }
    #     }
    #   }
    # }
```

**Update .LINK Section** (line 65-68):
- Add link to OpenAI Codex MCP documentation
- Add link to `@cexll/codex-mcp-server` npm package
- Reference MCP server registry if applicable

**Update file:scripts/README.md**

Add OpenAI Codex example to the `Sync-McpConfig.ps1` section (around line 268):
- Document Codex server configuration format
- Explain security best practices for API key handling
- Note that environment variable expansion is supported (`${OPENAI_API_KEY}`)
- Warn against committing API keys directly in configuration files

### 5. Security Considerations

**API Key Handling Documentation**

Create inline comments and documentation covering:
- Use environment variable expansion: `"OPENAI_API_KEY": "${OPENAI_API_KEY}"`
- Never hardcode API keys in `.mcp.json` files
- Consider using `.gitignore` patterns for local configuration overrides
- Document that the script does not log or expose `env` values

**Symlink Security**

Verify existing symlink rejection logic (lines 150-156, 234-239) applies to Codex configurations:
- Source file symlink rejection
- Destination file symlink rejection
- Error messages reference security policy

### 6. Integration Testing

**Manual Testing Checklist**

Test the following scenarios:

1. **Basic Functionality**
   - Add Codex server to `file:.mcp.json`
   - Run `.\scripts\Sync-McpConfig.ps1 -Target vscode`
   - Verify `file:.vscode/mcp.json` contains Codex with `servers` key
   - Run `.\scripts\Sync-McpConfig.ps1 -Target factory`
   - Verify `file:.factory/mcp.json` contains Codex with `mcpServers` key

2. **SyncAll Functionality**
   - Run `.\scripts\Sync-McpConfig.ps1 -SyncAll`
   - Verify both Factory and VS Code configs are generated correctly
   - Confirm Serena transformations still work in VS Code output
   - Confirm Codex configuration is correct in both outputs

3. **Multi-Server Configuration**
   - Test with Serena, Codex, deepwiki, and forgetful all present
   - Verify each server is handled correctly
   - Confirm no cross-contamination of transformations

4. **Security Validation**
   - Test with `OPENAI_API_KEY` environment variable set
   - Verify variable expansion works in generated configs
   - Confirm no API keys are logged to console output

### 7. Test Execution and Validation

**Run Pester Tests**
```powershell
.\build\scripts\Invoke-PesterTests.ps1 -TestPath "scripts/tests/Sync-McpConfig.Tests.ps1"
```

**Expected Outcome**:
- All existing tests continue to pass (58/58 baseline)
- New Codex-specific tests pass (estimate +15-20 new tests)
- Total test count: ~73-78 tests passing

**PSScriptAnalyzer Validation**
```powershell
Invoke-ScriptAnalyzer -Path .\scripts\Sync-McpConfig.ps1
```
- Verify no new warnings or errors introduced
- Confirm code follows PowerShell best practices

## Architecture Diagram

```mermaid
sequenceDiagram
    participant User
    participant SyncScript as Sync-McpConfig.ps1
    participant SourceFile as .mcp.json
    participant VSCodeFile as .vscode/mcp.json
    participant FactoryFile as .factory/mcp.json

    User->>SyncScript: Execute with -Target or -SyncAll
    SyncScript->>SourceFile: Read configuration
    SourceFile-->>SyncScript: Return mcpServers (Serena, Codex, etc.)
    
    alt Target: vscode
        SyncScript->>SyncScript: Transform mcpServers → servers
        SyncScript->>SyncScript: Apply Serena transformations<br/>(context: claude-code → ide, port: 24282 → 24283)
        SyncScript->>SyncScript: Apply Codex transformations<br/>(pass-through, no changes needed)
        SyncScript->>VSCodeFile: Write transformed config
        VSCodeFile-->>User: .vscode/mcp.json created
    else Target: factory
        SyncScript->>SyncScript: Preserve mcpServers key
        SyncScript->>SyncScript: No transformations (pass-through)
        SyncScript->>FactoryFile: Write config
        FactoryFile-->>User: .factory/mcp.json created
    else SyncAll
        SyncScript->>SyncScript: Recursive call with -Target vscode
        SyncScript->>VSCodeFile: Write VS Code config
        SyncScript->>SyncScript: Recursive call with -Target factory
        SyncScript->>FactoryFile: Write Factory config
        VSCodeFile-->>User: Both configs created
        FactoryFile-->>User: Both configs created
    end
```

## Configuration Format Comparison

| Platform | File Location | Root Key | Codex Transformations |
|----------|--------------|----------|----------------------|
| Claude Code | `file:.mcp.json` | `mcpServers` | None (source of truth) |
| VS Code | `file:.vscode/mcp.json` | `servers` | None (pass-through) |
| Factory | `file:.factory/mcp.json` | `mcpServers` | None (pass-through) |
| Serena (VS Code) | `file:.vscode/mcp.json` | `servers` | Context & Port changes |

## Open Questions Resolution

Based on research conducted, here are answers to the ticket's open questions:

1. **What are the actual OpenAI Codex MCP server configuration parameters?**
   - Standard MCP stdio configuration: `command`, `args`, `env`, `type`
   - Common packages: `@cexll/codex-mcp-server`, `@trishchuk/codex-mcp-tool`
   - Requires `OPENAI_API_KEY` environment variable

2. **Are there VS Code-specific requirements for Codex?**
   - No platform-specific transformations discovered (unlike Serena)
   - Configuration remains consistent across platforms
   - Only root key transformation needed (`mcpServers` → `servers`)

3. **Does Factory require different Codex configuration than Claude Code?**
   - No, Factory uses identical format to Claude Code (`mcpServers` key)
   - Pass-through configuration (no transformations)

4. **How should API keys be handled?**
   - Use environment variable expansion: `${OPENAI_API_KEY}`
   - Never commit hardcoded API keys
   - Document security best practices in script help and README

5. **What is the official package name for OpenAI Codex MCP server?**
   - Multiple community implementations exist
   - Most common: `@cexll/codex-mcp-server`
   - Alternative: `@trishchuk/codex-mcp-tool`, `tuannvm/codex-mcp-server`
   - Document all variants in help text

## Success Criteria Validation

All acceptance criteria from the ticket will be met:

- **AC1**: Script processes Codex entries without errors ✓
- **AC2**: VS Code transformations applied (pass-through if no changes needed) ✓
- **AC3**: Factory compatibility maintained (pass-through) ✓
- **AC4**: Documentation includes examples, transformations, and links ✓
- **AC5**: Test coverage for all scenarios ✓
- **AC6**: Security validation for API keys and symlinks ✓

---

Execution Information

Branch: main
Commit: e0978d3

---

💡 Tips

Supported Commands (Inside Comments)

• Use @traycerai generate to iterate on the previous version of the implementation plan.

Supported Commands (Inside Description)

• Add @traycerai ignore anywhere in the ticket description to prevent this ticket from being processed.
• Add @traycerai branch:<branch-name> anywhere in the ticket description to specify the target branch for the implementation plan.

Community

• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

Warning

Something went wrong while processing your request.

Reference ID: 96c7e004-f2d9-47fa-8b22-cb522cd0c7ad

Please try again or contact support if the issue persists, referencing this ID.

[rjmurillo-bot]

Additional Context: OpenAI Codex MCP Configuration

Based on the OpenAI Codex documentation, here are the key configuration details:

Configuration Format

OpenAI Codex uses ~/.codex/config.toml with [mcp_servers.<server-name>] tables, which differs from Claude Code's .mcp.json format. This suggests we need to determine:

1. Is this about integrating OpenAI as an MCP server for Claude Code? (Similar to deepwiki and forgetful in our current .mcp.json)
2. Or is this about syncing configs between Claude Code and OpenAI Codex? (Different product/tool)

STDIO Server Parameters (from OpenAI Codex docs)

• command (required) - startup instruction
• args (optional) - command arguments
• env (optional) - environment variables
• cwd (optional) - working directory

HTTP Server Parameters

• url (required) - server address
• bearer_token_env_var (optional) - authorization token variable
• http_headers (optional) - static header values

Optional Settings

• startup_timeout_sec
• tool_timeout_sec
• enabled
• enabled_tools
• disabled_tools

Platform Support

OpenAI Codex supports MCP servers in both CLI and IDE extension with shared configuration.

Example (from docs)

[mcp_servers.context7]
command = "npx"
args = ["-y", "@upstash/context7-mcp"]

[mcp_servers.context7.env]
# environment variables here

Next Steps

Need clarification on:

1. Are we adding an OpenAI-powered MCP server to Claude Code's .mcp.json?
2. What transformations are needed for VS Code vs Factory?
3. What is the actual npm package or command for the OpenAI MCP server?

References

• https://developers.openai.com/codex/mcp
• https://github.com/openai/codex/blob/main/docs/config.md#mcp_servers

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

• Create Plan

Examples

• Example 1
• Example 2

---

🔗 Related PRs

#43 - feat: add shared template system for multi-platform agent generation [merged]
#60 - feat: AI-powered GitHub Actions workflows with security-hardened PowerShell implementation [merged]
#365 - fix(memory): ADR-017 compliance - rename skill- files and implement P0 validations [merged]
#753 - feat(memory): claude-mem export enhancements with security fixes [merged]
#795 - feat(a01): add Factory Droid MCP config generation support [merged]

👤 Suggested Assignees

• rjmurillo-bot
• rjmurillo

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!

[rjmurillo]

@claude Implement this to unblock Codex CLI

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[github-actions]

Product Requirements Document

Important

This PRD was automatically generated based on issue triage escalation.
Complexity Score: 9/12 (Detailed)
Escalation Criteria: feature_request,research_required,external_dependency,multi_phase_work

About this PRD

This PRD was generated by the Explainer Agent after the issue was flagged
for detailed analysis. The document is designed to be self-contained - it can
be passed to a separate AI agent instance for implementation without additional
context.

PRD Depth Levels:

• Standard (4-6): Brief analysis, clear requirements
• Detailed (7-9): Research section, blocking questions
• Comprehensive (10-12): Phased implementation, risk analysis

---

Now I need to research OpenAI Codex CLI MCP support. Let me check for existing tests and research the OpenAI Codex CLI documentation.

I notice a discrepancy: the VS Code mcp.json shows forgetful as type: http but the source .mcp.json shows it as type: stdio. This is important context. Now let me create the comprehensive PRD based on my research.

The file creation was blocked. Let me output the PRD content directly since I cannot save it to the file system.

---

PRD: OpenAI Codex MCP Support for Sync-McpConfig.ps1

Executive Summary

The Sync-McpConfig.ps1 script synchronizes MCP server configurations from Claude Code's .mcp.json to VS Code and Factory formats. Users need support for OpenAI Codex CLI as an MCP server with platform-specific transformations similar to existing Serena support.

Scope	Status	Blocker
Codex MCP configuration parsing	🟡 PARTIAL	OpenAI Codex CLI MCP server package name and configuration format unconfirmed
VS Code transformations	🟡 PARTIAL	Platform-specific requirements for Codex unknown
Factory pass-through	🟢 READY	No transformation needed (same format as Claude)
Test coverage	🟢 READY	Follows established Pester patterns
Documentation	🟢 READY	Template exists in script help

Verdict: REQUIRES_DISCOVERY - OpenAI Codex MCP server configuration format needs confirmation before implementation.

Problem Statement

Current State

Component	Status	Notes
Sync-McpConfig.ps1	Working	322 lines, handles Serena transforms
Serena transforms	Implemented	Lines 182-199, changes context/port for VS Code
Factory support	Implemented	Pass-through, same format as Claude
VS Code support	Implemented	Transforms mcpServers to servers key
OpenAI Codex support	Not present	No recognition or transformation logic

Gap Analysis

1. No Codex recognition: Script does not identify OpenAI Codex entries
2. No platform transforms: Unknown if Codex requires VS Code-specific parameters
3. No documentation: Script help lacks Codex configuration examples
4. No test coverage: Pester tests do not exist for Sync-McpConfig.ps1

User Impact

Developers using OpenAI Codex CLI as an MCP server cannot use Sync-McpConfig.ps1 to manage configurations across Claude Code, VS Code, and Factory. Manual configuration is error-prone and time-consuming.

Research Findings

Primary Sources

OpenAI Codex CLI Documentation

• Source: OpenAI official documentation
• Confidence: UNCERTAIN - No official MCP server package identified
• Finding: OpenAI Codex CLI is a terminal-based coding assistant. It does not appear to publish an official MCP server package like @openai/codex-mcp-server.

Model Context Protocol Specification

• Source: https://modelcontextprotocol.io/
• Confidence: CONFIRMED
• Finding: MCP servers use stdio or HTTP transport. Configuration requires command, args, or url depending on transport type.

Existing Pattern: Serena Transformation

• Source: scripts/Sync-McpConfig.ps1 lines 182-199
• Confidence: CONFIRMED
• Finding: Serena requires context change (claude-code to ide) and port change (24282 to 24283) for VS Code.

Empirical Data

Current .mcp.json Structure

{
  "mcpServers": {
    "serena": { "type": "stdio", "command": "uvx", "args": [...] },
    "deepwiki": { "type": "http", "url": "https://mcp.deepwiki.com/mcp" },
    "forgetful": { "type": "stdio", "command": "uvx", "args": ["forgetful-ai"] }
  }
}

Proposed Solution

Phase 0: Discovery (Status: BLOCKED)

Estimated Effort: S
Blockers: OpenAI Codex MCP package not identified

Task	Description
0.1	Confirm OpenAI Codex CLI publishes MCP server or identify community package
0.2	Document Codex MCP server configuration format
0.3	Identify platform-specific requirements (VS Code vs Claude Code)

Phase 1: Core Implementation (Status: DEPENDS on Phase 0)

Estimated Effort: M
Blockers: Requires Phase 0 completion

Task	Description
1.1	Add Codex detection logic in transformation section
1.2	Implement VS Code transformations (if needed)
1.3	Add Codex configuration example to script help
1.4	Update LINK section with Codex documentation

Phase 2: Test Coverage (Status: READY)

Estimated Effort: M
Blockers: None (can create test structure now)

Task	Description
2.1	Create tests/Sync-McpConfig.Tests.ps1
2.2	Add Codex parsing tests
2.3	Add VS Code transformation tests
2.4	Add Factory pass-through tests
2.5	Add edge case tests

Phase 3: Security Validation (Status: READY)

Estimated Effort: S
Blockers: None

Task	Description
3.1	Verify API key handling follows env var pattern
3.2	Validate symlink security checks apply to Codex entries
3.3	Document secure credential patterns in help text

Functional Requirements

FR-1: Configuration Recognition

Priority: P0

ID	Requirement	Acceptance Criteria
FR-1.1	Script recognizes openai-codex server entries in .mcp.json	Config with openai-codex key parses without error
FR-1.2	Script recognizes alternative naming patterns	Handles codex, openai, codex-cli variants

FR-2: VS Code Transformations

Priority: P1

ID	Requirement	Acceptance Criteria
FR-2.1	Apply platform-specific transforms for Codex	VS Code output contains transformed values
FR-2.2	Preserve non-transformed properties	All other config properties unchanged
FR-2.3	Deep clone Codex config before transform	Source .mcp.json not mutated

FR-3: Factory Pass-Through

Priority: P1

ID	Requirement	Acceptance Criteria
FR-3.1	Codex config passes through unchanged to Factory	.factory/mcp.json matches source for Codex entries

Technical Design

Sync-McpConfig.ps1 Changes

Location: After Serena transformation (line 199)

# Transform openai-codex configuration for VS Code compatibility
if ($servers.ContainsKey('openai-codex') -and $servers['openai-codex'].ContainsKey('args')) {
    # Deep clone the codex config to avoid modifying source
    $codexConfig = @{}
    foreach ($key in $servers['openai-codex'].Keys) {
        if ($key -eq 'args') {
            $codexConfig[$key] = @($servers['openai-codex']['args'])
        } else {
            $codexConfig[$key] = $servers['openai-codex'][$key]
        }
    }

    # Apply VS Code specific transforms
    # TODO: Define transforms based on Phase 0 discovery

    $servers['openai-codex'] = $codexConfig
}

Implementation Plan

Decision Tree

Is OpenAI Codex MCP package known?
├── YES → Does it require VS Code transforms?
│         ├── YES → Implement transforms (Phase 1.2)
│         └── NO → Pass-through only (simpler implementation)
└── NO → Execute Discovery Phase (Phase 0)
         └── Return to decision tree

Risks and Mitigations

Risk	Likelihood	Impact	Mitigation
No official Codex MCP package exists	High	High	Document community alternatives or mark as BLOCKED
Codex requires incompatible configuration	Medium	Medium	Implement flexible detection pattern
API key exposure in logs	Low	High	Reuse existing output suppression patterns

Success Metrics

Metric	Target
Zero errors syncing configs with Codex entries	100% success rate
Pester test coverage	80% minimum
Documentation completeness	All sections updated
Security validation	No credential exposure

Blocking Questions

Question 1: Codex MCP Package (CRITICAL)

Question: What is the official package name for OpenAI Codex MCP server?

Context: The issue references @openai/codex-mcp-server but this package does not appear to exist in npm registry or OpenAI documentation.

Proposed Ask: "Please provide the exact npm package name or repository URL for the OpenAI Codex MCP server you want to configure."

Impact if unanswered: Cannot implement configuration parsing or transformation logic. PRD moves to BLOCKED status.

Question 2: VS Code Requirements (CRITICAL)

Question: Does OpenAI Codex require VS Code-specific configuration changes?

Context: Serena requires context (claude-code to ide) and port (24282 to 24283) changes. Does Codex have similar requirements?

Proposed Ask: "Are there VS Code-specific parameters for the Codex MCP server that differ from Claude Code configuration?"

Impact if unanswered: May implement pass-through only, missing required transforms.

Appendices

Appendix A: Research Sources

Source	URL	Confidence
MCP Specification	https://modelcontextprotocol.io/	CONFIRMED
Claude MCP Docs	https://docs.anthropic.com/claude-code/docs/mcp	CONFIRMED
VS Code MCP Docs	https://code.visualstudio.com/docs/copilot/customization/mcp-servers	CONFIRMED
Factory MCP Docs	https://docs.factory.ai/cli/configuration/mcp	CONFIRMED
OpenAI Codex CLI	https://github.com/openai/codex	UNCERTAIN

Appendix B: File References

File	Purpose
scripts/Sync-McpConfig.ps1	Target script for modifications
.mcp.json	Source configuration (Claude Code)
.vscode/mcp.json	VS Code output configuration
.factory/mcp.json	Factory output configuration
tests/Sync-McpConfig.Tests.ps1	Test file (to be created)

Appendix C: Serena Transformation Pattern

Reference implementation at lines 182-199 of Sync-McpConfig.ps1 shows the deep clone and transformation approach to follow.

_{Generated by AI PRD Generation | View Workflow}

[github-actions]

AI Triage Summary

Note

This issue has been automatically triaged by AI agents

What is AI Triage?

This issue was analyzed by AI agents:

• Analyst Agent: Categorizes the issue and suggests appropriate labels
• Roadmap Agent: Aligns the issue with project milestones and priorities
• Explainer Agent (if escalated): Generates comprehensive PRD

Triage Results

Property	Value
Category	enhancement
Labels	["enhancement","area-infrastructure"]
Priority	P1
Milestone	v1.1
PRD Escalation	Generated (see below)

Categorization Analysis

```json
{
  "labels": ["enhancement", "area-infrastructure"],
  "category": "enhancement",
  "confidence": 0.95,
  "reasoning": "Issue is a PRD requesting new OpenAI Codex MCP server support in Sync-McpConfig.ps1, which is infrastructure tooling for configuration synchronization"
}

</details>

<details>
<summary>Roadmap Alignment</summary>

```json
```json
{
  "milestone": "v1.1",
  "priority": "P1",
  "epic_alignment": "",
  "confidence": 0.70,
  "reasoning": "Feature request for MCP config tooling aligns with v1.1 maintainability focus and existing Sync-McpConfig.ps1 pattern (Serena support); requires research on OpenAI Codex MCP specs.",
  "escalate_to_prd": true,
  "escalation_criteria": ["feature_request", "research_required", "external_dependency", "multi_phase_work"],
  "complexity_score": 9
}

</details>

---

<sub>Powered by [AI Issue Triage](https://github.com/rjmurillo/ai-agents) workflow</sub>