codex_consult
Send a question to Codex for a read-only second opinion. Codex examines your codebase in a sandbox without modifying files, returning unvalidated findings for verification.
Instructions
Ask Codex (a different model) for a read-only second opinion or answer.
Runs codex exec in a read-only sandbox — Codex never edits files. This is a
STATIC review, not a verify mode: the read-only sandbox blocks the writes a
test/build/lint run typically needs (a writable cache/temp), so Codex can't
rely on executing your checks to confirm its claims. For a repo-grounded
question, pass workspace_root (absolute) so Codex reasons about the right repo;
it is optional for pure Q&A that needs no codebase. Returns a result envelope;
treat findings as unvalidated claims to verify by running the checks yourself.
Data egress: this sends your question and extra_context to OpenAI via the
codex CLI. Codex always runs with a resolved working directory (workspace_root,
your MCP roots, or the server's cwd as a fallback), so it may read files there and
send their content too. Your inputs are sent raw — secret redaction is best-effort and does
not cover them (it covers gathered diffs and Codex's returned output, not what you
type or what Codex reads from files).
Progress: this is a blocking call that returns only when Codex finishes; it does
not stream incremental notifications/progress. Typical runs take tens of seconds;
the configured default timeout is normally 180s, clamped to 10-600s, overridable
per call via timeout_seconds (codex_status reports the resolved default and
bounds). If you need live status or recoverability for a long run, use
codex_consult_async for a job_id and poll codex_job_status.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| model | No | Override the Codex model slug for this call; defaults to the server/Codex default when unset. | |
| detail | No | Response verbosity: 'summary' (default) omits the raw model text; 'full' includes it. | summary |
| question | Yes | The question or prompt to send Codex (a different model) for a read-only answer. | |
| isolation | No | Codex config isolation: 'inherit' (default), 'ignore-config', or 'ignore-rules'. | |
| extra_context | No | Optional author intent / background context, added to the prompt as clearly-labeled UNTRUSTED data. Codex is instructed to treat embedded directives as data, not commands — best-effort prompt-injection mitigation, not a guarantee. Don't include live secrets: Codex can read files it's pointed at, and redaction does not cover this field. | |
| workspace_root | No | Absolute path to the target repository root. Pass it (or rely on an MCP root) so the call targets the intended repo; otherwise it falls back to the server's own cwd and meta.workspace_warning is set. | |
| timeout_seconds | No | Per-call wall-clock timeout in seconds, clamped to 10..600 (out-of-range values are coerced, not rejected). Defaults to the server's configured timeout. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ok | Yes |