OpenAI Codex CLI.

Codex CLI is OpenAI's agentic developer tool — a terminal-native agent that edits code, runs commands, and plugs into external tools via Model Context Protocol (MCP). Connect Agent Cert as an MCP server and Codex can certify its own decisions, verify receipts, and pull credit balances without leaving the terminal.

Add Agent Cert as an MCP server

Use the codex mcp add command:

codex mcp add agent-cert \
  --transport streamable-http \
  --url https://api.agentcert.net/mcp/sse \
  --header "X-API-Key=ak_live_..."

Codex writes the entry into ~/.codex/config.toml and will start the server automatically the next time you launch a session. To verify it's connected, run /mcp in the Codex TUI — you should see agent-cert listed alongside any other MCP servers you have configured.

Alternative — edit config.toml directly

Open ~/.codex/config.toml and add a server block:

[[mcp_servers]]
name = "agent-cert"
transport = "streamable-http"
url = "https://api.agentcert.net/mcp/sse"

[mcp_servers.headers]
"X-API-Key" = "ak_live_..."

Codex supports both stdio and streamable HTTP server transports. Agent Cert is a remote HTTP service, so use streamable-http.

Keep your key out of source control

Don't commit your API key. Use environment-variable expansion (Codex supports the same ${ENV_VAR} syntax as Claude Code):

[mcp_servers.headers]
"X-API-Key" = "${AGENT_CERT_API_KEY}"

Export the variable in your shell profile (~/.zshrc, ~/.bashrc, etc.) and Codex resolves it at connection time.

Verify the connection

In Codex's TUI:

/mcp

You should see agent-cert in the active-servers list. Then ask Codex: "What's my Agent Cert credit balance?" If you get a number back, the integration is live.

What you can do once connected

• Certify a PR / commit summary. When Codex completes a meaningful task — a bugfix, a refactor, a security patch — have it call certify_decision with the change summary as the agent_output. The resulting receipt is a portable record of what the agent decided and why.
• Verify before merging. When reviewing an agent-authored PR, ask Codex to verify_receipt on the receipt the agent issued at task completion. Confirms the agent's reasoning hasn't been tampered with since.
• Pull recent decisions. list_my_receipts gives you a fast view of what your agent fleet has been doing.
• Test Agent Cert itself. Develop against the API directly from inside Codex — the CLI handles auth, parsing, and tool invocation, so you can iterate on Agent Cert integrations without writing your own HTTP client.

Codex as an MCP server (advanced)

Codex itself can also run as an MCP server (so another agent can drive it). If you're building a multi-agent pipeline where one agent orchestrates Codex and you want every Codex action certified, the chain looks like:

Orchestrator agent
   │
   ├── MCP → Codex (drives the code work)
   │
   └── MCP → Agent Cert (certifies the resulting decisions)

Both Codex and Agent Cert speak standard MCP — no glue needed.

Costs

• Each certify_decision call: 3 Agent Cert credits.
• Read-only tools (get_receipt, verify_receipt, check_credits, list_my_receipts, get_anchor_proof): free.

See also

• MCP Server reference — full tool list
• Codex MCP docs (developers.openai.com)
• Codex CLI reference
• Bind a policy — so receipts from Codex apply a consistent rule set