cc-plugin-codex 0.1.4__tar.gz → 0.2.0__tar.gz

{cc_plugin_codex-0.1.4 → cc_plugin_codex-0.2.0}/.agents/plugins/marketplace.json

@@ -8,7 +8,7 @@
       "name": "cc-plugin-codex",
       "source": {
         "source": "local",
-        "path": "./"
+        "path": "./plugins/cc-plugin-codex"
       },
       "policy": {
         "installation": "AVAILABLE",

cc_plugin_codex-0.2.0/.codex-plugin/plugin.json

@@ -0,0 +1,24 @@
+{
+  "name": "cc-plugin-codex",
+  "version": "0.2.0",
+  "description": "Call Claude Code from Codex for bounded, independent code review and second opinions",
+  "author": { "name": "Brian Connelly", "url": "https://github.com/briandconnelly" },
+  "repository": "https://github.com/briandconnelly/cc-plugin-codex",
+  "license": "MIT",
+  "keywords": ["claude", "code-review", "collaboration", "mcp"],
+  "skills": "./skills/",
+  "mcpServers": "./.mcp.json",
+  "interface": {
+    "displayName": "Claude Code (for Codex)",
+    "shortDescription": "Ask Claude Code to review and critique your work.",
+    "longDescription": "cc-plugin-codex lets Codex call the Claude Code CLI for bounded, independent critique — code review, adversarial review, and second opinions — with read-only safety and structured findings.",
+    "developerName": "Brian Connelly",
+    "category": "Developer Tools",
+    "capabilities": ["MCP", "Skills"],
+    "defaultPrompt": [
+      "Ask Claude to review my current diff.",
+      "Have Claude attack this plan for weaknesses.",
+      "Get an independent second opinion from Claude."
+    ]
+  }
+}

cc_plugin_codex-0.2.0/.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+
+updates:
+  - package-ecosystem: "uv"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

cc_plugin_codex-0.2.0/.github/workflows/ci.yml

@@ -0,0 +1,120 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    uses: ./.github/workflows/test.yml
+
+  release-lockstep:
+    name: Release lockstep
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6
+
+      - name: Validate release metadata consistency
+        run: |
+          set -euo pipefail
+
+          version="$(sed -n 's/^version = "\(.*\)"/\1/p' pyproject.toml)"
+          tag="v${version}"
+
+          if [[ ! "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "pyproject.toml version must be X.Y.Z; got ${version}" >&2
+            exit 1
+          fi
+
+          grep -Fq "\"version\": \"${version}\"" .codex-plugin/plugin.json
+          grep -Fq "@${tag}" .mcp.json
+          grep -Fq "cc-plugin-codex==${version}" README.md
+          grep -Fq "## ${version} -" CHANGELOG.md
+
+  package:
+    name: Package checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v8.2.0
+        with:
+          enable-cache: true
+          cache-dependency-glob: uv.lock
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Sync dependencies
+        run: uv sync --locked --python 3.12 --group dev
+
+      - name: Build distributions
+        run: uv build --no-sources
+
+      - name: Check distributions
+        run: uvx twine check dist/*
+
+      - name: Smoke test installed wheel
+        run: |
+          set -euo pipefail
+
+          python -m venv .smoke
+          .smoke/bin/python -m pip install --upgrade pip
+          .smoke/bin/python -m pip install dist/cc_plugin_codex-*.whl
+          .smoke/bin/python - <<'PY'
+          from importlib.metadata import distribution
+
+          import cc_plugin_codex
+
+          dist = distribution("cc-plugin-codex")
+          scripts = [
+              ep
+              for ep in dist.entry_points
+              if ep.group == "console_scripts" and ep.name == "cc-plugin-codex-mcp"
+          ]
+
+          assert cc_plugin_codex.__version__ == dist.version
+          assert scripts, "cc-plugin-codex-mcp console script is missing"
+          scripts[0].load()
+          PY
+
+  live-integration:
+    name: Live Claude integration
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v8.2.0
+        with:
+          enable-cache: true
+          cache-dependency-glob: uv.lock
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Sync dependencies
+        run: uv sync --locked --group dev
+
+      - name: Run integration tests
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+        run: uv run pytest -m integration --no-cov

cc_plugin_codex-0.2.0/.github/workflows/publish.yml

@@ -0,0 +1,177 @@
+name: Publish
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Version to release, with or without leading v
+        required: true
+        type: string
+  push:
+    tags: ["v*.*.*"]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: publish-${{ github.ref_name }}-${{ inputs.version }}
+  cancel-in-progress: false
+
+jobs:
+  release-metadata:
+    name: Validate release metadata
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.metadata.outputs.tag }}
+      version: ${{ steps.metadata.outputs.version }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Validate version references
+        id: metadata
+        env:
+          EVENT_NAME: ${{ github.event_name }}
+          INPUT_VERSION: ${{ inputs.version }}
+          REF_NAME: ${{ github.ref_name }}
+          GITHUB_REF: ${{ github.ref }}
+        run: |
+          set -euo pipefail
+
+          if [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
+            if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then
+              echo "Manual releases must run from main; got $GITHUB_REF" >&2
+              exit 1
+            fi
+            version="${INPUT_VERSION#v}"
+            tag="v${version}"
+            if git ls-remote --exit-code --tags origin "refs/tags/${tag}" >/dev/null 2>&1; then
+              echo "Tag ${tag} already exists" >&2
+              exit 1
+            fi
+          else
+            tag="$REF_NAME"
+            version="${tag#v}"
+          fi
+
+          if [[ ! "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Version must be X.Y.Z; got ${version}" >&2
+            exit 1
+          fi
+
+          grep -Fq "version = \"${version}\"" pyproject.toml
+          grep -Fq "\"version\": \"${version}\"" .codex-plugin/plugin.json
+          grep -Fq "@${tag}" .mcp.json
+          grep -Fq "cc-plugin-codex==${version}" README.md
+          grep -Fq "## ${version} -" CHANGELOG.md
+
+          {
+            echo "tag=${tag}"
+            echo "version=${version}"
+          } >> "$GITHUB_OUTPUT"
+
+  test:
+    needs: release-metadata
+    uses: ./.github/workflows/test.yml
+
+  build:
+    name: Build distributions
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v8.2.0
+        with:
+          enable-cache: true
+          cache-dependency-glob: uv.lock
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+
+      - name: Build distributions
+        run: uv build --no-sources
+
+      - name: Check distributions
+        run: uvx twine check dist/*
+
+      - name: Upload distributions
+        uses: actions/upload-artifact@v7
+        with:
+          name: python-package-distributions
+          path: dist/*
+          if-no-files-found: error
+
+  publish:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Download distributions
+        uses: actions/download-artifact@v8
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish distributions
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    name: Create GitHub Release
+    needs: [release-metadata, publish]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Download distributions
+        uses: actions/download-artifact@v8
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Create tag if needed
+        env:
+          TAG: ${{ needs.release-metadata.outputs.tag }}
+        run: |
+          set -euo pipefail
+
+          if git ls-remote --exit-code --tags origin "refs/tags/${TAG}" >/dev/null 2>&1; then
+            echo "Tag ${TAG} already exists."
+            exit 0
+          fi
+
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git tag -a "$TAG" -m "cc-plugin-codex ${TAG}" "$GITHUB_SHA"
+          git push origin "$TAG"
+
+      - name: Create release
+        env:
+          GH_TOKEN: ${{ github.token }}
+          TAG: ${{ needs.release-metadata.outputs.tag }}
+        run: |
+          set -euo pipefail
+
+          if gh release view "$TAG" >/dev/null 2>&1; then
+            echo "GitHub Release ${TAG} already exists."
+            exit 0
+          fi
+
+          gh release create "$TAG" dist/* \
+            --title "cc-plugin-codex ${TAG}" \
+            --notes "See CHANGELOG.md for release notes."

cc_plugin_codex-0.1.4/.github/workflows/ci.yml → cc_plugin_codex-0.2.0/.github/workflows/test.yml

@@ -1,10 +1,7 @@
-name: CI
+name: Test
 
 on:
-  pull_request:
-  push:
-    branches: ["main"]
-  workflow_dispatch:
+  workflow_call:
 
 permissions:
   contents: read
@@ -16,7 +13,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python: ["3.11", "3.12", "3.13"]
+        python: ["3.11", "3.12", "3.13", "3.14"]
     steps:
       - name: Check out repository
         uses: actions/checkout@v6
@@ -47,29 +44,3 @@ jobs:
       - name: Test
         run: uv run pytest -q
 
-  live-integration:
-    name: Live Claude integration
-    if: github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v6
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v8.2.0
-        with:
-          enable-cache: true
-          cache-dependency-glob: uv.lock
-
-      - name: Set up Python
-        uses: actions/setup-python@v6
-        with:
-          python-version: "3.12"
-
-      - name: Sync dependencies
-        run: uv sync --locked --group dev
-
-      - name: Run integration tests
-        env:
-          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-        run: uv run pytest -m integration --no-cov

cc_plugin_codex-0.2.0/.mcp.json

@@ -0,0 +1,21 @@
+{
+  "mcpServers": {
+    "cc-plugin-codex": {
+      "command": "uvx",
+      "args": [
+        "--from",
+        "git+https://github.com/briandconnelly/cc-plugin-codex.git@v0.2.0",
+        "cc-plugin-codex-mcp"
+      ],
+      "env_vars": [
+        "ANTHROPIC_API_KEY",
+        "CC_PLUGIN_CODEX_ACCESS",
+        "CC_PLUGIN_CODEX_CLAUDE_CONFIG",
+        "CC_PLUGIN_CODEX_EFFORT",
+        "CC_PLUGIN_CODEX_MAX_BUDGET_USD",
+        "CC_PLUGIN_CODEX_MODEL",
+        "CC_PLUGIN_CODEX_TIMEOUT_SECONDS"
+      ]
+    }
+  }
+}

{cc_plugin_codex-0.1.4 → cc_plugin_codex-0.2.0}/CHANGELOG.md

@@ -5,6 +5,19 @@ All notable changes to `cc-plugin-codex` will be documented in this file.
 This project uses pre-1.0 semantic versioning. Minor versions may change the
 agent-visible MCP surface; patch versions are reserved for compatible fixes.
 
+## 0.2.0 - 2026-06-06
+
+- Added prompt-injection guardrails that tell Claude to treat reviewed diffs,
+  evidence, context, and project files as untrusted data.
+- Promoted `--no-session-persistence` to a fail-closed Claude CLI contract flag
+  so sensitive review sessions are not silently persisted.
+- Added advisory detection for workspace Claude Code hook settings and surfaced
+  hook posture in status, dry-run, paid result metadata, and background jobs.
+- Clarified security documentation: the plugin withholds Bash/write tools, but
+  Claude Code hooks can run outside the tool allowlist unless `config_mode=bare`
+  is used.
+- Bumped the agent-visible schema fingerprint to `cc-plugin-codex/0.1/schema-13`.
+
 ## 0.1.4 - 2026-06-06
 
 - Added PyPI-facing package metadata, long description, project links, and

{cc_plugin_codex-0.1.4 → cc_plugin_codex-0.2.0}/COMPATIBILITY.md

@@ -37,13 +37,14 @@ guarantee:
 | Binary on PATH | `CLAUDE_BIN` | `claude_status.claude_found = false` | install Claude Code |
 | `-p --output-format json` (core) | `CORE_INVOCATION` | every call errors → `cli_contract_changed`; golden-envelope test | update `CORE_INVOCATION` + `normalize.py` |
 | `--no-chrome` (no interactive picker) ⚠️ | `ALWAYS_SEND_FLAGS` | `cli_contract_changed` at run time | update the constant |
+| `--no-session-persistence` (avoid storing review sessions on disk) ⚠️ | `ALWAYS_SEND_FLAGS` | `cli_contract_changed` | update the constant |
 | `--append-system-prompt` (critic guardrails) ⚠️ | `ALWAYS_SEND_FLAGS` | `cli_contract_changed` | update the constant; the prompt is `config.INDEPENDENT_CRITIC_PROMPT` |
 | `--max-budget-usd` (spend cap) ⚠️ | `ALWAYS_SEND_FLAGS` | `cli_contract_changed` | update the constant |
 | `--tools` (read-only / no-tool guarantee) ⚠️ | `ALWAYS_SEND_FLAGS` | `cli_contract_changed` | update the constant in `config.access_flags` |
 | `--strict-mcp-config` / `--mcp-config` (drop user MCP fleet) ⚠️ | `ALWAYS_SEND_FLAGS` | `cli_contract_changed` | update `config.config_mode_flags` |
 | `--setting-sources` / `--bare` (mode isolation) ⚠️ | `ALWAYS_SEND_FLAGS` | `cli_contract_changed` | update `config.config_mode_flags` |
 | `--effort` + accepted levels | `HELP_GATED_FLAGS`, `VALID_EFFORTS` | dropped with `compat_warnings`; a removed *level* → `cli_contract_changed` | update `VALID_EFFORTS` |
-| `--model`, `--disallowed-tools`, `--no-session-persistence` | `HELP_GATED_FLAGS` | dropped with `compat_warnings` | update the constant |
+| `--model`, `--disallowed-tools` | `HELP_GATED_FLAGS` | dropped with `compat_warnings` | update the constant |
 | JSON envelope keys (`is_error`, `subtype`, `result`, `total_cost_usd`, `usage.*`, `session_id`, `modelUsage`, `permission_denials`) | `ENVELOPE_KEYS`, `USAGE_KEYS`, `SUCCESS_SUBTYPES` | golden-envelope test (`tests/test_golden_envelope.py`); cost silently null if renamed | update `normalize.py` + the golden sample |
 | `claude --version` format (`MAJOR.MINOR.PATCH`) | `VERSION_ARGS`, `SUPPORTED_MAJORS` | `claude_status.version_supported = null` | adjust the regex in `config.version_supported` |
 | `claude auth status --text` exit code | `AUTH_STATUS_ARGS` | `claude_status.claude_authenticated = null` | update `claude.auth_status` |
@@ -81,7 +82,14 @@ When cutting a release, bump these **together**:
    agent-visible surface changed (tool names, input/output schemas, the
    `ErrorCode` set, the value enums, or the capability summary)
 4. the `@vX.Y.Z` ref in `.mcp.json`
-5. create and push the matching `vX.Y.Z` git tag
+
+After the release commit is on `main`, run the `Publish` GitHub Actions workflow
+manually with version `X.Y.Z`. The workflow validates the lockstep references,
+runs the test matrix, builds and checks the distributions, publishes to PyPI,
+then creates the matching `vX.Y.Z` git tag and GitHub Release.
+
+Pushing a matching `vX.Y.Z` tag manually is still supported as an escape hatch;
+it runs the same validation and publishing workflow.
 
 The `.mcp.json` ref and the git tag must match, or a bundled install fails to
 resolve.

{cc_plugin_codex-0.1.4 → cc_plugin_codex-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cc-plugin-codex
-Version: 0.1.4
+Version: 0.2.0
 Summary: Call Claude Code from Codex for bounded, independent code review and second opinions
 Project-URL: Homepage, https://github.com/briandconnelly/cc-plugin-codex
 Project-URL: Repository, https://github.com/briandconnelly/cc-plugin-codex
@@ -29,6 +29,10 @@ Description-Content-Type: text/markdown
 
 # cc-plugin-codex
 
+[![CI](https://github.com/briandconnelly/cc-plugin-codex/actions/workflows/ci.yml/badge.svg)](https://github.com/briandconnelly/cc-plugin-codex/actions/workflows/ci.yml)
+[![Python 3.11+](https://img.shields.io/badge/python-3.11%2B-blue.svg)](./pyproject.toml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE)
+
 Ask Claude Code for an independent code review or second opinion, straight from Codex.
 
 `cc-plugin-codex` is review-only: Claude reviews, critiques, and advises. It does not edit
@@ -36,12 +40,20 @@ your code, run shell commands, or get write tools. It is the mirror image of
 [`openai/codex-plugin-cc`](https://github.com/openai/codex-plugin-cc), which lets Claude call
 Codex.
 
+## What it does
+
+- Lets Codex call the Claude Code CLI through MCP.
+- Sends Claude bounded context for reviews, critiques, and second opinions.
+- Returns structured findings Codex can summarize or act on.
+- Keeps Codex as the actor and Claude as a read-only reviewer.
+
 ## Quickstart
 
 You need:
 
 - Codex
 - the `claude` CLI, installed and authenticated
+- Python 3.11 or newer
 - `uvx`
 - `git`
 
@@ -68,18 +80,6 @@ Restart Codex after installing. Then ask Codex:
 `claude_status` is free. It checks whether the `claude` CLI is installed, authenticated, and
 compatible, and shows the defaults a paid call would use.
 
-## Distribution
-
-The Codex plugin install path is the primary user-facing path. The bundled MCP config pins the
-server to a versioned Git tag so installed users update deliberately.
-
-The Python package publishes the MCP server entry point for direct use and release provenance.
-After a PyPI release, the server can also be launched with:
-
-```sh
-uvx --from cc-plugin-codex==0.1.4 cc-plugin-codex-mcp
-```
-
 ## Use it
 
 Once `claude_status` reports `ready: true`, ask Codex in plain language:
@@ -96,6 +96,9 @@ Other useful prompts:
 - "Get an independent second opinion from Claude on this design."
 - "Start a background Claude review of this branch against main."
 
+Use this when you want a second model to look for bugs, regressions, missing tests, security
+issues, or weak assumptions before you merge or commit to a design.
+
 Codex uses the plugin skill to choose the right tool and arguments. Direct MCP calls are also
 available:
 
@@ -110,11 +113,13 @@ available:
 
 Diff review scopes are `working_tree`, `staged`, and `branch`.
 
+Review staged changes with a test-coverage focus:
+
 ```json
 claude_review_changes({
   "workspace_root": "/absolute/path/to/your/repo",
   "scope": "staged",
-  "focus": "security"
+  "focus": "tests"
 })
 ```
 
@@ -135,7 +140,9 @@ Poll with `claude_job_status`, then fetch the result with `claude_job_result`.
 - Paid tools run Claude and send code or prompts to Anthropic, billed through your existing
   `claude` login or `ANTHROPIC_API_KEY`.
 - Free tools only inspect local state, preflight a request, or manage background jobs.
-- Claude never receives write or Bash tools from this plugin.
+- Claude never receives write or Bash tools from this plugin. Claude Code hooks are not
+  tools and may run in `config_mode=inherit`/`scoped`; use `config_mode=bare` for
+  untrusted workspaces.
 - `access=toolless` is the default: Claude receives gathered context as text and cannot read
   more files. `access=readonly` lets Claude use `Read`, `Grep`, and `Glob` for extra context.
 - Secret redaction is best-effort defense in depth. Use `access=toolless` when a workspace may
@@ -148,6 +155,14 @@ Poll with `claude_job_status`, then fetch the result with `claude_job_result`.
 If a requested diff scope has no changes, the review tools return a passing result without
 invoking Claude.
 
+## Mental model
+
+Codex remains responsible for deciding what to do with Claude's feedback. Claude receives only
+the context the plugin provides, or read-only file access when you explicitly allow
+`access=readonly`. The plugin does not give Claude write tools, Bash tools, or permission to
+modify your workspace. In `inherit` and `scoped`, Claude Code may still load workspace hooks
+from `.claude/settings*.json`; those hooks execute outside the tool allowlist.
+
 ## Common knobs
 
 Every setting is optional. These are the knobs most users are likely to change:
@@ -166,8 +181,8 @@ Set these in the environment you launch Codex from. The bundled MCP config forwa
 cost, safety, model, timeout, and API-key variables to the server.
 
 `config_mode=inherit` uses your normal Claude environment without persisting a session.
-`scoped` drops user-global settings and user MCP servers but keeps `CLAUDE.md`. `bare` strips
-`CLAUDE.md`, memory, and hooks, and requires `ANTHROPIC_API_KEY`.
+`scoped` drops user-global settings and user MCP servers but keeps `CLAUDE.md` and workspace
+hooks. `bare` strips `CLAUDE.md`, memory, and hooks, and requires `ANTHROPIC_API_KEY`.
 
 ## Troubleshooting
 
@@ -184,6 +199,18 @@ Then:
 - If `config_mode=bare` fails, confirm `ANTHROPIC_API_KEY` is set in the environment that
   launches Codex.
 
+## Distribution
+
+The Codex plugin install path is the primary user-facing path. The bundled MCP config pins the
+server to a versioned Git tag so installed users update deliberately.
+
+The Python package publishes the MCP server entry point for direct use and release provenance.
+After a PyPI release, the server can also be launched with:
+
+```sh
+uvx --from cc-plugin-codex==0.2.0 cc-plugin-codex-mcp
+```
+
 ## Advanced reference
 
 Every tool returns a structured `ok`/`error` envelope. Paid results include usage metadata and