Improve Codex/Claude setup flow and installer reporting #82

Merged
KjellKod merged 10 commits into main from fix/codex-mcp-permission
Mar 30, 2026
Owner

@KjellKod KjellKod commented Mar 22, 2026

Summary

  • fix Codex MCP permission matching so Claude Code stops prompting on every Codex tool call
  • improve Codex-led Claude bridge preflight so Quest surfaces auth and probe diagnostics instead of a generic false negative
  • add installer update summary output that lists the exact .quest_updated files requiring manual merge
  • keep the already-in-branch PR helper guidance and roadmap notes visible in one branch-level review

Changes

  • installer auto-adds mcp__codex-cli__* to ~/.claude/settings.json after Codex MCP registration and on reruns where MCP is already configured
  • setup docs clarify why Codex tools are named codex-cli and add Claude bridge guidance for claude auth login, claude auth status, and rerunning preflight outside a restricted sandbox when auth visibility looks stale
  • scripts/quest_preflight.sh records visible Claude auth state, exposes probe diagnostics, and emits better remediation text for Codex-led Claude bridge failures
  • .skills/quest/SKILL.md pauses on second-model preflight failure and gives the user explicit choices: fix it now, continue single-model, or cancel
  • scripts/quest_installer.sh now prints the exact .quest_updated files created during an update instead of a generic reminder
  • existing branch improvements to PR helper skills and roadmap notes remain included

Test plan

  • Run installer with Codex MCP already registered and verify permission is added
  • Run installer fresh and verify MCP registration plus permission addition
  • Run a quest with Codex delegation and verify no Codex MCP permission prompts
  • Run ./scripts/quest_preflight.sh --orchestrator codex after Claude browser login and verify available: true
  • Verify the preflight remediation text now points users to claude auth login, claude auth status, and restricted-sandbox troubleshooting when Claude bridge setup still looks unavailable
  • Review the installer diff and verify the update summary now enumerates created .quest_updated files

🤖 Generated with Claude Code

@KjellKod KjellKod marked this pull request as ready for review March 23, 2026 06:02
@KjellKod KjellKod temporarily deployed to codex-ci-review March 23, 2026 06:02 — with GitHub Actions Inactive
@KjellKod KjellKod changed the title from "Fix Codex MCP permission prompt on every tool call" to "Improve Codex/Claude setup flow and installer reporting" Mar 29, 2026
KjellKod and others added 9 commits March 29, 2026 16:33
Extend dual-model planning with explicit fail-closed requirement
when operator policy mandates multi-model execution. Add runtime
selection truth gate to canonicalization roadmap (item 4.5).

Quest/Co-Authored by Claude Opus 4.6, Codex in Collaboration with KjellKod
…list

The MCP server self-identifies as codex-cli, so tool names are
mcp__codex-cli__codex, not mcp__codex__codex. Without the correct
permission entry, Claude Code prompts for approval on every call.

Installer now auto-adds the permission after MCP registration.
Setup docs updated with manual instructions and explanation.

Quest/Co-Authored by Claude Opus 4.6, Codex in Collaboration with KjellKod
Permission prefixes like ["gh","api"] only match direct invocations.
Wrapping gh commands in bash -lc defeats prefix matching and causes
repeated permission prompts during quest orchestration.

Quest/Co-Authored by Claude Opus 4.6, Codex in Collaboration with KjellKod
Permission prefixes like ["gh","pr"] only match when gh is the
top-level command. Wrapping in bash -lc defeats prefix matching
and causes repeated permission prompts during orchestration.

Quest/Co-Authored by Claude Opus 4.6, Codex in Collaboration with KjellKod
Cache successful host Claude bridge probes so later quest starts in
sandboxed Codex sessions can reuse them without repeating browser-login
auth. Cache fallback is guarded: only auth-related failures (logged out,
"Not logged in", timeout) trigger cache use — real bridge breakage
stays visible. Also refines co-author trailer format to use standard
Co-Authored-By lines, one per model that actually participated.

Quest/Co-Authored by
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
in collaboration with KjellKod <kjell.hedstrom@gmail.com>
Quest/Co-Authored by
Co-Authored-By: Codex <noreply@openai.com>
in collaboration with KjellKod <kjell.hedstrom@gmail.com>
@KjellKod KjellKod force-pushed the fix/codex-mcp-permission branch from 0dd06f2 to 41f61d1 Compare March 29, 2026 22:36
@KjellKod KjellKod temporarily deployed to codex-ci-review March 29, 2026 22:36 — with GitHub Actions Inactive
QUEST_PREFLIGHT_CACHE_TTL_SECONDS is a user override. If set to a
non-numeric value (e.g. CI/env typo), the numeric comparison in
write_success_cache would error under set -e, causing a hard preflight
failure. Fall back to the default 43200 on invalid input.

Quest/Co-Authored by
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
in collaboration with KjellKod <kjell.hedstrom@gmail.com>
@KjellKod KjellKod deployed to codex-ci-review March 30, 2026 02:36 — with GitHub Actions Active
@KjellKod KjellKod merged commit 7c82c58 into main Mar 30, 2026
6 checks passed
@KjellKod KjellKod deleted the fix/codex-mcp-permission branch March 30, 2026 02:51
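
The guarded cache fallback and the TTL validation described in the commit messages above, as an added example. It is not the project's `scripts/quest_preflight.sh`: the function names, the verdict strings and the sample probe output are hypothetical, and only `QUEST_PREFLIGHT_CACHE_TTL_SECONDS`, the default 43200 and the three auth-failure markers come from the page.

```shell
#!/usr/bin/env bash
# Added illustration; function names and probe strings are hypothetical.
set -eu

DEFAULT_TTL=43200   # default named in the commit message

# Print the TTL to use. The override is accepted only if it is 1-9 decimal
# digits, so no arithmetic test ever sees a non-numeric or overflowing value.
resolve_ttl() {
  local raw="${QUEST_PREFLIGHT_CACHE_TTL_SECONDS:-}"
  case "$raw" in
    ''|*[!0-9]*|??????????*) echo "$DEFAULT_TTL" ;;
    *)                       echo "$raw" ;;
  esac
}

# cache_is_fresh WRITTEN_AT NOW: true while the entry is younger than the TTL.
# A negative age (clock skew, tampered timestamp) is never treated as fresh.
cache_is_fresh() {
  local ttl age
  ttl="$(resolve_ttl)"
  age=$(( $2 - $1 ))
  [ "$age" -ge 0 ] && [ "$age" -lt "$ttl" ]
}

# Only auth-visibility failures may fall back to the cache.
is_auth_failure() {
  case "$1" in
    *"Not logged in"*|*"logged out"*|*timeout*) return 0 ;;
    *) return 1 ;;
  esac
}

# decide PROBE_RC PROBE_OUTPUT CACHE_WRITTEN_AT NOW: print the verdict.
decide() {
  if [ "$1" -eq 0 ]; then
    echo "available"
  elif is_auth_failure "$2" && [ -n "$3" ] && cache_is_fresh "$3" "$4"; then
    echo "available-from-cache"
  else
    echo "unavailable"   # real bridge breakage stays visible
  fi
}

# Constructed sample: probe failed with an auth message, cache written 30 s ago.
decide 1 "Error: Not logged in" 1000 1030
```
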