Stable

OpenAI Codex plugin

MCP plus skills for Codex CLI and IDE — same repository as this site.

Who this is for

Codex plugins bundle an MCP server and reusable skills. Use PrivateNote when Codex needs to create encrypted handoff links during agent workflows.

For secrets the agent must not see, use the VS Code extension in the Codex IDE instead of pasting credentials into chat.

Install in Codex

# One-liner
codex mcp add privatenote -- npx -y privatenote-mcp

# Or edit ~/.codex/config.toml:

# or edit the file directly
[mcp_servers.privatenote]
command = "npx"
args = ["-y", "privatenote-mcp"]
enabled = true

Trust model

Codex uses the same encryption boundary as every other integration: local encryption, ciphertext upload, key in the URL fragment.

For cryptographic primitives and the full architecture, see How it works and the end-to-end encryption guide linked below.

Encrypt locally

AES-256-GCM on your device — browser, editor, terminal, or MCP process.

Upload ciphertext

Only encrypted bytes and note metadata (expiry, burn-after-reading) reach the server.

Key in #fragment

The decryption key stays in the URL hash. Browsers do not send fragments in HTTP requests.

privatenote.ai/note/…#key

Full diagram on developer hub
  • Bundled plugin marketplace: .agents/plugins/marketplace.json in the repo.

  • Skills teach Codex when and how to call create_private_note.

  • Prefer the editor extension when the secret must not enter the model context.

Codex configuration

NameDescription
codex mcp addCLI helper to register the MCP server
[mcp_servers.privatenote]TOML block in ~/.codex/config.toml
privatenote-mcpnpm package run via npx
VS Code extensionUse in Codex IDE for secrets the agent never sees

Related integrations

OpenAI Codex plugin

MCP plus skills for Codex CLI and IDE — same repository as this site.