Codex · Part 9

Codex — Part 9 — Connecting External Tools with MCP

MCP lets Codex read and act on systems outside your local filesystem, shared across the desktop app, CLI, and IDE extension through the same config.toml.

Quick idea: MCP connects Codex to third-party documentation and tools like browsers or issue trackers, and the same configuration is shared across the desktop app, CLI, and IDE extension automatically.
MCP Server

A connector between Codex and one external system: a tracker, a database, an API.

codex mcp add

Registers a stdio server directly from the command line, writing correct TOML for you.

codex mcp list

Shows every configured server and its status.

Introduction

Every post so far in this series has worked with what is already on your machine. MCP is the mechanism that extends Codex past the local filesystem, to a ticket tracker, a browser, a design tool, or an internal API. This is the last post in this series before the daily-ops use cases begin, the same closing point the Claude Code series reached in its own Part 9.

What Is MCP?

Model Context Protocol connects models to tools and context. It is the same open standard covered in the Claude Code series, so a server built for one tool generally works for the other. In Codex specifically, the same MCP configuration is shared seamlessly across the desktop app, the CLI, and the IDE extension, since they all read from the same config.toml.

Adding a Server

A local, process-based server is registered directly from the command line.

# Add a local stdio server
codex mcp add context7 -- npx -y @upstash/context7-mcp

# Add a stdio server with environment variables
codex mcp add my-server --env API_KEY=your-key -- npx -y some-mcp-server
Important: Everything after -- is passed straight through as the server’s own command and arguments. codex mcp add writes syntactically correct TOML for you, which is worth using for the initial add even if you plan to hand-edit the entry afterward.

Remote HTTP servers are configured directly in config.toml instead, since they need a url rather than a local command.

# %USERPROFILE%\.codex\config.toml
[mcp_servers.notion]
url = "https://mcp.notion.com/mcp"
auth = "oauth"

Configuration Structure

Field Applies To Purpose
command, args, env, cwdStdio serversThe local process to run and its environment
url, auth, bearer_token_env_varHTTP serversThe remote endpoint and how to authenticate to it
enabled, requiredBothWhether the server loads at all, and whether Codex should fail if it cannot connect
enabled_tools, disabled_toolsBothNarrows which tools from the server are actually exposed
startup_timeout_sec, tool_timeout_secBothHow long Codex waits before giving up on connection or a tool call

Transport is inferred from which fields are present, a command means stdio, a url means HTTP. There is no separate transport key to set by hand.

Checking Status

# List every configured server
codex mcp list

# Authenticate an OAuth-based remote server
codex mcp login notion

# Inside a session: list configured MCP tools
/mcp
Production note: Verify you trust a server before connecting it, the same rule as the Claude Code series. A server that fetches external content can expose you to prompt injection risk regardless of which agent tool it is connected to.

Final Thoughts

That closes the foundations part of this series, and it lands in almost exactly the same place the Claude Code series did: installed, a real project running, AGENTS.md carrying standing rules, a Skill for repeatable procedures, subagents for noisy parallel work, an approval and sandbox model actually understood rather than guessed at, a troubleshooting reference, and now MCP for reaching outside the local machine.

The two tools differ in plenty of specifics covered across this series, AGENTS.md’s byte limit versus CLAUDE.md’s line guideline, parallel TOML-defined subagents versus a single delegated worker, sandbox and approval as two independent layers versus a tiered allow/ask/deny system. The underlying shape, and the reason either is worth an IT engineer’s time, is identical.

Key takeaway: Reach for MCP the moment you catch yourself copying data into chat by hand. Use codex mcp add for the initial setup of a local server, and verify you trust a server before connecting it, since the prompt injection risk applies here the same as anywhere else.
Next in this series

With the foundations in place, the series moves on to real daily-ops use cases: writing and debugging scripts, triaging logs and event IDs, and building the first hands-on project.