Codex reads its MCP config from ~/.codex/config.toml — one file, every project on the machine.
Register AgentValet once and every Codex run on this laptop is governed: scoped credentials, audit log,
no .env exports per repo.
The AgentValet CLI signs you in via your browser, generates an RS256 keypair, registers your
Codex session as an agent, and writes the MCP entry to ~/.codex/config.toml.
Codex's config is global by design - so this single setup applies to every project on this machine.
# Anywhere on your machine npx @agentvalet/register # Browser opens. Sign in. Done. # The CLI writes: # ~/.codex/config.toml - global MCP entry # ./AGENTS.md - project-level governance notes
npx @agentvalet/register.codex normally. AgentValet shows up in the tool list any time the agent needs to call a platform. No keys in your shell - all calls proxied and logged.~/.codex/config.toml, you set this up once on a machine and every Codex session inherits it. No per-repo config to commit, no per-clone setup, no .gitignore dance.
The CLI is the recommended path. If you'd rather edit the TOML yourself, here's the equivalent block. You can also use codex mcp add agentvalet … from the Codex CLI:
[mcp_servers.agentvalet] command = "npx" args = ["-y", "@agentvalet/register", "mcp-server"]
You'll still want to run npx @agentvalet/register once so the CLI can store your agent's private key on this machine - the MCP server reads it at startup.
GITHUB_TOKEN or SLACK_TOKEN in your shell. AgentValet handles credential injection at call time.One command. The browser does the rest. Free to start, no credit card.