bjornmelin/codex-sdk
skills/codex-sdk/SKILL.md
Architect-level guidance, workflows, and scripts for building agentic coding systems with OpenAI Codex. Use for Codex SDK (@openai/codex-sdk) threads + streaming JSONL events; Codex CLI automation (codex exec, output schema, JSONL, resume); MCP server usage (codex mcp-server) and dynamic tool integration; multi-agent orchestration with OpenAI Agents SDK (handoffs, gating, tracing); durable state, caching, and memory using SQLite; safe-by-default sandbox/approval patterns and execpolicy rules.
$ install --global
skillsauthnpx skillsauth add bjornmelin/dev-skills codex-sdkInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 8:11 PM385.3s28 files scanned
SKILL.md
- name:
- codex-sdk
- description:
- >-
Codex SDK + Codex CLI (master skill)
Build reliable, auditable, multi-step coding workflows that scale from a single run to multi-agent orchestration.
ExecPlans (durable planning)
For multi-hour work, keep intent durable across compaction/restarts using an ExecPlan:
- Contract:
references/execplans.md - Template + rules:
.agent/PLANS.md(usescripts/init_agent_workspace.pyto bootstrap a repo) - ExecPlan skeleton:
assets/templates/execplan.md(or generate a file withscripts/new_execplan.py)
Workflow decision tree
- Need a scriptable one-shot in CI or cron? → use
codex exec(references/codex-cli-exec.md) - Need a server-side app controlling Codex programmatically? → use
@openai/codex-sdk(references/codex-sdk-typescript.md) - Need multi-agent orchestration or dynamic tools? → run
codex mcp-serverand orchestrate via OpenAI Agents SDK (references/mcp-and-agents-sdk.md) - Need durability across runs (memory, caching, resumable state)? → persist run metadata and event logs in SQLite (
references/state-memory-sqlite.md)
Default workflow (safe + production-friendly)
- Inventory inputs (repo root, diffs, failing commands, constraints).
- Choose sandbox + approvals (least privilege; default to read-only).
- Plan in explicit steps (short, verifiable; include stop conditions).
- Use structured outputs (JSON Schema) and validate before acting.
- Record an audit trail (JSONL events → SQLite).
- Verify (re-run tests/lint/format; stop).
Durable state and “memory” (SQLite)
SQLite is the simplest reliable substrate for:
- recording every
codex exec --jsonevent as an immutable audit log - indexing runs by repo, branch, and purpose
- storing
threadIdso runs can resume deterministically - caching expensive analysis artifacts (diff summaries, inventories, dependency graphs)
Use the bundled scripts
- Initialize a DB:
python3 scripts/codex_jsonl_to_sqlite.py --db codex-runs.sqlite --init
- Ingest a JSONL run:
codex exec --json "<prompt>" | python3 scripts/codex_jsonl_to_sqlite.py --db codex-runs.sqlite --run-label "ci-autofix"
- Summarize runs:
python3 scripts/codex_sqlite_report.py --db codex-runs.sqlite --latest
Multi-agent orchestration (recommended shape)
Use:
- a single orchestrator responsible for gating and artifact checks
- multiple scoped worker agents with strict deliverables
- structured outputs at boundaries (handoff payloads, review findings, test results)
- traces/telemetry to debug and tune
Details: references/mcp-and-agents-sdk.md
Safety and policy
Prefer:
- analysis-only:
sandbox: read-only,approval-policy: never - controlled edits:
sandbox: workspace-write,approval-policy: on-request/on-failure - block risky commands with
execpolicyrules (references/safety-and-execpolicy.md)
Resources
references/
references/codex-sdk-typescript.md– SDK patterns (threads, streaming, schemas)references/codex-cli-exec.md– CLI patterns (JSONL, schema files, resume)references/mcp-and-agents-sdk.md– Codex as MCP server + multi-agent orchestrationreferences/agents-sdk-consistent-workflows.md– gated handoffs + traces with Codex MCP + Agents SDKreferences/execplans.md– ExecPlans for long-running work across compactionreferences/state-memory-sqlite.md– SQLite schema + memory/caching patternsreferences/safety-and-execpolicy.md– sandboxing, approvals, prompt-injection defensesreferences/codex-config-knobs.md– config keys and feature flags that matterreferences/orchestration-patterns.md– planner/executor/verifier and orchestrator/worker patternsreferences/rag-and-memory.md– SQLite-first shared memory and RAG guidancereferences/context-personalization.md– state + memory notes personalization patterns (Agents SDK)
scripts/
scripts/codex_jsonl_to_sqlite.py– ingest Codex JSONL into SQLitescripts/codex_sqlite_report.py– summarize runs from SQLitescripts/init_agent_workspace.py– create.agent/AGENTS.md+.agent/PLANS.mdfrom templatesscripts/new_execplan.py– generateexecplans/execplan-*.mdfrom the ExecPlan template
assets/
assets/templates/– copy/paste templates (ExecPlan, prompts, schemas)assets/templates/agents-sdk/– Agents SDK starter snippets (MCP stdio, sessions, personalization)
Related Skills
bjornmelin/kimi-ui-advisor
tools
VerifiedTrustedCommunity
Explicit-only Kimi Code CLI frontend/UI advisor for UI audits, redesigns, components, screenshots, before/after comparison, layout, styling, accessibility, responsive behavior, and visual polish. Use only when the user explicitly invokes `$kimi-ui-advisor` and wants Codex to ask Kimi for structured UI suggestions, then review, apply, and verify them in the repo.
2SKILL.mdUpdated May 28, 2026
bjornmelin/autoreview
development
VerifiedTrustedCommunity
Run a Codex-only structured code review closeout for local, branch, or commit diffs. Use when the user asks for autoreview, Codex review, structured closeout review, final review before commit/ship, or review after non-trivial code edits.
2SKILL.mdUpdated May 28, 2026
bjornmelin/firecrawl
tools
VerifiedTrustedCommunity
Use this skill for Firecrawl CLI web work: web search, URL scraping, site mapping, crawling, structured extraction, page interaction, monitoring changes, offline site download via x download, and parsing local documents such as PDF, DOCX, XLSX, HTML, DOC, ODT, or RTF. Trigger for requests to search the web, look up current info, fetch/read/scrape a URL, extract website data, crawl docs, click/fill/login/paginate a page, monitor page changes, save a site offline, or parse a document. Do not trigger for generic local file reads/edits, git/deploy/code tasks, or Firecrawl app integration work.
2SKILL.mdUpdated May 26, 2026
bjornmelin/sentry-triage-to-pr
tools
VerifiedTrustedCommunity
Triage unresolved Sentry issues into ranked groups, GitHub issue plans, branches, subspawn worktree assignments, PRs, and closeout loops using the sentry CLI, GitHub CLI, and local verification. Use when asked to prioritize Sentry backlogs, group production issues, create GitHub issues or PRs from Sentry evidence, or parallelize Sentry fixes.
2SKILL.mdUpdated May 14, 2026