rldyour-codex is the rldyour AI CLI configuration for Codex: plugin marketplace, system install, MCP servers, hooks, managed agents, runtime validation, and Serena memory.
rldyour-codex is a rldyour AI CLI configuration package for Codex: plugin marketplace, system install, MCP servers, hooks, managed agents, runtime validation, and Serena memory. It is authored by Danil Silantyev (github:rldyourmnd), CEO NDDev and owns rldyour plugins, MCP server runtime definitions, skills, Codex lifecycle hooks, managed subagent role configs, execpolicy rules, validation scripts, installer/rollback tooling, CI checks, and Serena project knowledge.
It is not a generic preset, not an automatic configuration takeover, and not a bundle of unrelated third-party opinions. It is a controlled catalog where nothing is treated as enabled or correct unless explicitly decided by the maintainer.
| Field | Value |
|---|---|
| Adapter version | 1.3.4 |
| Runtime baseline | Codex CLI 0.139.0 (@openai/codex) |
| GitHub release tag | 1.3.4 |
| Pinned commit | 9b889c770936f34d922cfd4ed681d009f6aec317 |
The runtime baseline reference is references/codex-baseline.json, verified 2026-06-10. The npm package is @openai/codex; the upstream release artifact is at https://github.com/openai/codex/releases/tag/rust-v0.139.0.
rldyour-codex is a configuration package for the Codex CLI - it is not a fork of the upstream Codex runtime and does not modify Codex internals. It owns the plugin marketplace definition, system installer and rollback tooling, managed subagent role configs, execpolicy rules, MCP server runtime definitions, lifecycle hooks, skills, runtime validation lanes, CI workflows, and Serena project memory for the Codex adapter. The active catalog currently includes 10 plugins and 44 skills. Slash commands are intentionally absent; Codex uses skills and managed subagents as the public invocation surface.
Codex reads configuration from TOML files rooted at $CODEX_HOME (default ~/.codex):
~/.codex/config.toml: main config - model defaults,[tui]status line, global permissions posture, and[mcp_servers.*]runtime MCP server entries.~/.codex/rldyour-yolo.config.toml:--profile rldyour-yolooverlay -approval_policy = "never",sandbox_mode = "danger-full-access", owner-standard full-auto defaults.~/.codex/rldyour-safe.config.toml:--profile rldyour-safeoverlay -approval_policy = "on-request",sandbox_mode = "workspace-write".~/.codex/agents/*.toml: managed subagent role configs, installed fromsystem/agents/*.toml.~/.codex/rules/: managed execpolicy rules, installed fromsystem/rules/*.rules.
The repository's plugins/rldyour-mcps/.mcp.json is the portable source of truth for MCP server definitions. The installer resolves portable commands (uvx, bunx, dart) to local executable paths and writes the resolved entries to [mcp_servers.*] in ~/.codex/config.toml; .mcp.json is plugin metadata, not a Codex-native runtime format. The Codex plugin format is plugins/<plugin>/.codex-plugin/plugin.json with manifest-linked skills, hooks, and assets. The marketplace catalog is .agents/plugins/marketplace.json.
MCP launcher packages are pinned in .mcp.json and mirrored in config/mcp-runtime-versions.env; marketplace validation fails if these sources drift. Host runtime pins for Node major, Bun, Dart SDK, and GitHub MCP also live in config/mcp-runtime-versions.env so local setup, GitHub Actions, and the devcontainer share one source of truth.
Runtime install or update - on machines that need a Codex CLI install or update:
curl -fsSL https://chatgpt.com/codex/install.sh | CODEX_NON_INTERACTIVE=1 sh
npm install -g @openai/codex@0.139.0
codex --version
codex doctorSystem config install - dry-run first, then apply:
scripts/install_system_codex.sh --dry-run
scripts/install_system_codex.sh --apply
scripts/doctor_system_codex.shApply the owner-standard full-access profile explicitly:
scripts/install_system_codex.sh --apply --owner-modeConservative override (safe mode):
scripts/install_system_codex.sh --apply --safe-mode
scripts/doctor_system_codex.sh --safe-modeStrict runtime mode (fully reproducible environment):
scripts/install_system_codex.sh --apply --strict-runtime
scripts/doctor_system_codex.sh --strict-runtime
python3 scripts/validate_runtime_prereqs.py --strict --require-codexFull bootstrap smoke on a new or resynced machine:
scripts/bootstrap_check.sh --applyry-repair convergence - plan and apply installed-runtime diagnostics:
scripts/ry_repair_sync.py --plan --apply-system --latest-from-github --jsonReports NOT PROVEN when codex is not available locally.
Plugin marketplace local install:
codex plugin marketplace add .
codex plugin list --jsonThe installer writes ~/.codex/AGENTS.md, managed subagent role configs, execpolicy rules, registered marketplace, enabled plugins, approved MCP servers, Codex lifecycle hooks, the official Codex config schema hint, owner-standard full-auto permission defaults (unless --safe-mode), both profile layers, maintainer-selected model defaults, approved MCP tool overrides, the owner [tui] status line, and the versioned local plugin cache at ~/.codex/plugins/cache/rldyour-codex/<plugin>/<version>. Existing managed files are backed up before write operations. Credentials and OAuth tokens are never written.
The active marketplace contains 10 plugins and 44 skills:
Plugins:
rldyour-mcps: the maintainer's approved MCP server set for Codex.rldyour-explore: research skills for technical MCP research and authoritative web research.rldyour-serena-mcp: Serena-first semantic code workflow, fact-only.serenamemory sync, plans, research archive, and lifecycle hooks.rldyour-security: non-blocking OWASP Top 10 2025 secure-implementation guidance andry-sec-reviewsecurity review skill.rldyour-browser: provider-routed browser workflows for Webwright, Playwright CLI, and Chrome DevTools MCP.rldyour-design: Figma → code, centralized i18n, dynamic/static content classification, token-based design system, reusable UI kit, strict FSD frontend architecture, shadcn/ui, ReactBits, and browser validation workflows.rldyour-lsps: language-server routing, health checks, brew-first setup profiles, and Serena LSP integration guidance.rldyour-flow: autonomous SDLC workflows forry-init,ry-start,ry-newp,ry-review,ry-repair,ry-deploy, scoped context packs, context sufficiency gates, instruction docs sync, fast offline SessionStart worktree bootstrap/context dispatcher hooks, cwd-safe PreToolUse guardrails, advisory commit hooks, reviewer tracks, and post-task synchronization.rldyour-rules: quality-first engineering rules, architecture boundaries, implementation discipline, dependency compatibility, verification gates, Codex and Claude Code project instructions, ADR policy, andry-rules-review.rldyour-orchestrator: cmux orchestrator and worker skills for macOS multi-pane orchestration.
MCP servers (11): chrome-devtools, context7, dart-flutter, deepwiki, figma, grep, github, openaiDeveloperDocs, sequential-thinking, serena, shadcn.
Managed subagents (8 roles): research-explorer, architecture-reviewer, browser-tester, consistency-reviewer, quality-reviewer, security-audit, test-reviewer, serena-sync.
Hooks (9 lifecycles): UserPromptSubmit sync-required check, SessionStart context dispatcher, Stop memory-sync and lifecycle dispatcher, PostToolUse commit advice and sync marker, PreToolUse cwd guard and git policy.
Execpolicy rules (system/rules/*.rules): hard rails for root deletion, direct forced Git pushes, secret-key disclosure, and release/deploy side effects.
The Codex adapter contract lives in config/rldyour-contract.json and is documented in docs/contract-matrix.md. Validate it with python3 scripts/validate_contract.py.
Architecture decisions:
- No separate
rldyour-hooksplugin - hooks live inside the plugin that owns the lifecycle behavior. - No separate
rldyour-memoriesplugin - project memory behavior belongs torldyour-serena-mcp. - No
rldyour-secalias plugin - security behavior belongs torldyour-security.
Browser automation uses three active providers, routed by task type per config/browser-automation-policy.json:
- Webwright (
rldyour-browser): task-harness provider for full autonomous browser workflows. Adapter-owned CLI wrapper; upstream-native availability is NOT_PROVEN in this adapter. - Playwright CLI (
rldyour-browser): CLI provider for Playwright test execution and browser-driven validation. - Chrome DevTools MCP (
plugins/rldyour-mcps): MCP provider for DevTools protocol access - screenshots, network inspection, console, performance traces, and heap snapshots - via thechrome-devtoolsMCP server.
The rldyour-design plugin provides Figma → code workflows, FSD frontend architecture, token-based design system implementation, shadcn/ui integration, ReactBits, and browser validation workflows layered on top of these browser providers.
Managed subagents (browser-tester) handle browser-tester review tracks. Specialist MCP servers (figma, chrome-devtools, dart-flutter, shadcn) are disabled inside managed subagents and remain parent-session tools for explicit design, browser, Flutter, or shadcn work.
Normal main branch carries product history: plugins, scripts, config, CI, docs, and generated skill bridges. Agent-only files (AGENTS.md, .serena/) are excluded from normal branch history via .git/info/exclude.
fullrepo branch is the portable complete-state branch for agent-only files. It is built from current HEAD plus local agent-only files and pushed with --force-with-lease.
scripts/worktree_add.sh <branch> [path]
scripts/sync_fullrepo_branch.sh --restore
scripts/sync_fullrepo_branch.sh --migrate-main
scripts/sync_fullrepo_branch.sh --publish
scripts/sync_fullrepo_branch.sh --status--restore initializes local agent context from origin/fullrepo. --migrate-main removes tracked agent-only files from the current branch index while keeping them locally. --publish builds and pushes the snapshot.
Serena memory is managed by rldyour-serena-mcp. Memory is fact-only: verified code, git diffs, and test results - no speculation, plans, chat history, or secrets. The serena-sync managed subagent handles memory synchronization on the Stop hook advisory.
Local pre-push guard:
scripts/install_local_git_hooks.sh --dry-run
scripts/install_local_git_hooks.sh --applyThe guard is branch-aware: product branches enforce strict protection against agent-only paths and AI-marker additions; the fullrepo branch allows durable AI context while blocking credentials, runtime markers, browser artifacts, and local env files.
In external or colleague-owned repositories, .rldyour/project-policy.json is the executable source of truth and may disable fullrepo, allow instruction docs on normal branches, and disable branch-cleanup blockers.
The owner full-auto standard posture is the rldyour-yolo profile:
approval_policy = "never"sandbox_mode = "danger-full-access"(legacy sandbox dialect)- No active
default_permissionspermission-profile field whilesandbox_modeis present
Launch with the owner-standard full-auto profile:
codex --profile rldyour-yolo --dangerously-bypass-approvals-and-sandboxThis posture grants unrestricted shell access on the owner workstation. It is not a sandbox. Permissions are not a security boundary in this mode - they are an ergonomic preference. The conservative override is --safe-mode (approval_policy = "on-request", sandbox_mode = "workspace-write").
Execpolicy rules (system/rules/*.rules) add hard behavioral rails independent of the permission model: they block root deletion, direct forced Git pushes, secret-key disclosure, and release/deploy side effects. Validate with codex execpolicy check.
Secrets policy: credentials, OAuth tokens, cookies, and private keys are never stored in this repository. MCP server credentials are environment-variable-injected at runtime. GitHub Actions workflows pin external actions to full commit SHAs with the human-readable tag as an inline comment; pin enforcement is checked by scripts/validate_action_pins.py and gated in CI.
MCP trust boundary: only the servers listed in plugins/rldyour-mcps/.mcp.json are approved. Local MCP launcher packages are pinned in .mcp.json and config/mcp-runtime-versions.env; validation fails on drift. OAuth-gated MCP endpoints are skipped in capability smoke unless --include-auth is explicitly passed.
See SECURITY.md for private disclosure procedure and supported surface. Report vulnerabilities through GitHub Security Advisories.
Fast / static:
scripts/validate_fast.sh
python3 scripts/validate_contract.py
python3 scripts/validate_action_pins.py
python3 scripts/validate_runtime_prereqs.py
plugins/rldyour-flow/scripts/instruction_docs_state.py --json | python3 -m json.tool
python3 scripts/validate_instruction_docs.py --require-agent-docsAdapter-deep:
scripts/validate_release.sh
scripts/validate_execpolicy_rules.sh
python3 scripts/validate_agent_tools.pyInstalled-runtime:
scripts/validate_runtime.sh --strict-runtime
scripts/doctor_system_codex.sh
scripts/doctor_system_codex.sh --quick --strict-runtime
scripts/smoke_hooks.sh
scripts/smoke_local_git_guard.sh
scripts/smoke_flow_branch_cleanup.sh
scripts/smoke_clean_bootstrap.sh
scripts/smoke_fullrepo_sync.sh
scripts/smoke_serena_memory_freshness.sh
scripts/smoke_serena_memory_taxonomy.shLive-network / MCP:
scripts/smoke_mcp_runtime.sh
scripts/smoke_mcp_capabilities.shscripts/smoke_mcp_runtime.sh validates remote MCP endpoints with a Streamable HTTP initialize POST preflight. OAuth-gated endpoints may pass with 401/403; 405 is not accepted as a POST initialize result. scripts/smoke_mcp_capabilities.sh runs initialize, list_tools, and safe call_tool probes, retrying each server five times to absorb transient failures. Figma is skipped by default; pass --include-auth only after authorizing that runtime.
NOT_PROVEN policy: any smoke lane that requires a live runtime (codex, installed MCP, network endpoints) reports NOT PROVEN when the dependency is unavailable locally; it does not fail the static gate.
Adapter version is stored in VERSION. Plugin behavior versions stay in plugins/<plugin>/.codex-plugin/plugin.json. Release notes live in CHANGELOG.md. A numeric GitHub Release is required for every public adapter product version; a VERSION file alone is not sufficient.
The release.yml GitHub Actions workflow triggers on a SemVer tag matching X.Y.Z[-pre]. It validates VERSION and CHANGELOG.md, builds a deterministic bundle, generates a release manifest and SPDX 2.3 SBOM, exports the GitHub dependency-graph SBOM when available, attaches artifact attestations, and publishes the GitHub Release. workflow_dispatch is available as a fallback.
Operational commands:
python3 scripts/release_manifest.py
python3 scripts/check_mcp_runtime_versions.py
scripts/rollback_system_codex.sh --list
scripts/collect_diagnostics.shReference docs:
- docs/release-process.md: versioning, changelog, release evidence, and tag flow.
- docs/rollback-restore.md: safe restore from installer backups or older Git tags.
- docs/dependency-updates.md: pinned MCP runtime update policy.
- docs/observability.md: diagnostics, CI artifacts, and failure triage.
- docs/github-branch-protection.md: desired branch protection state.
License: AGPL-3.0-or-later. See LICENSE for the full text. The AGPL-3.0 Remote Network Interaction clause (Section 13) applies: if you run a modified version and make it available to others over a network, you must offer the corresponding source under the same license. Operating the unmodified upstream release does not trigger additional obligations.
Author: Danil Silantyev (github:rldyourmnd), CEO NDDev.
Security contact: report vulnerabilities privately through GitHub Security Advisories at https://github.com/NDDev-it-com/rldyour-codex/security/advisories. See SECURITY.md for the supported surface and private disclosure procedure.
Contributing: see CONTRIBUTING.md for local setup, validation, change rules, and pull request expectations. Participants are expected to follow CODE_OF_CONDUCT.md.
Copyright (C) 2026 Danil Silantyev (github:rldyourmnd), CEO NDDev. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.