workspace.json / Codex
Portable repository history that changes Codex’s plan before an evidenced risky edit lands.
@workspacejson/codex-mcp reads a local workspace.json and exposes it to OpenAI Codex as MCP tools plus a deterministic pre-edit hook — so Codex sees which files are fragile and which files co-change before it proposes an edit, not just when asked.
Three planes
Section titled “Three planes”| Plane | Role | Authority |
|---|---|---|
| Evidence | portable workspace.json history | descriptive |
| Action | MCP context + deterministic hook | mechanical enforcement on supported edits |
| Challenge | read-only GPT-5.6 reviewer | advisory |
The reviewer never controls the hook. A PASS verdict is not a safety certification.
Install
Section titled “Install”-
Run the managed installer from your repository root:
Terminal window npx @workspacejson/codex-mcp install --with-hook -
Restart Codex, then run
/mcpin the TUI to confirmworkspacejsonis connected. -
Ask Codex to edit a file your
workspace.jsonflags as fragile and watch the hook cite the evidence and any omitted co-change partner before the edit lands.
This installs MCP context, the deterministic pre-edit hook, and the read-only GPT-5.6 reviewer. It’s idempotent and scoped to the current repo’s .codex/ directory — it never touches ~/.codex. Remove everything it wrote with npx @workspacejson/codex-mcp uninstall.
Operational guarantees
Section titled “Operational guarantees”Six promises, each checkable against the source rather than taken on faith:
- Missing evidence never becomes a safety approval.
- Malformed evidence never crashes the edit loop.
- Reviewer output never controls deterministic enforcement.
- Installation never overwrites unmanaged configuration.
- Uninstall removes only owned artifacts.
- Every
VERIFIEDclaim maps to a reproducible command.
Reproduce them yourself: clone the repository, run npm ci && npm run verify. Full citations for each guarantee, and how the system behaves under missing, malformed, or unavailable input, are documented in the repository.
Current limitations
Section titled “Current limitations”- Enforcement currently covers Codex
apply_patch. - Other edit mechanisms may receive context without deterministic blocking.
fragile:falsemeans the file has no recorded fragility, not that it is verified safe.- Missing or malformed
workspace.jsonfails open with an explicit unavailable warning. - Stale evidence is not treated as proof of current risk.
- This does not replace tests, review, or repository instructions.