Connect Codex CLI to Cultup
Use these instructions when a user gives you a Cultup setup message with a
cu_setup_ code. Your goal is to exchange it locally, configure Codex CLI, verify the MCP
config, run Cultup's non-interactive credential health check, then verify tools in a fresh interactive
Codex session before helping the user schedule through Cultup.
Agents should prefer the compact Markdown version:
/codex-instructions.md.
Agent contract
The copied dashboard prompt is intentionally short. This guide is the source of truth for the setup flow.
Agents must prefer the static installer script, verify its checksum before running it, never expose the
exchanged token, configure Codex MCP with CULTUP_AGENT_TOKEN, verify before scheduling, and
never send email or create calendar events without explicit user approval and matching token permissions.
- Use
codex mcp get cultupto verify the local Codex MCP config. - Confirm the installer prints
Cultup credential health check passed. - Start a fresh interactive Codex session before MCP tool verification.
- Use
verify_cultup_connectionfor read-only MCP verification in that fresh session. - Call
draft_meeting_linkonly after verification succeeds. - Do not use
--dangerously-bypass-approvals-and-sandboxfor setup verification.
1. Confirm the setup code and endpoint
The setup message should include:
- A one-time Cultup setup code beginning with
cu_setup_. - The MCP URL
https://api.cultup.com/mcp. - A static setup script URL such as
https://api.cultup.com/downloads/cultup-codex-setup.sh. - The expected installer SHA-256 checksum.
If the user provided a setup code but no endpoint, assume https://api.cultup.com/mcp.
2. Verify and run the installer
Prefer the static installer. It exchanges the setup code once, writes the scoped token to a user-level file,
creates an environment helper, configures Codex MCP, and verifies codex mcp get cultup.
Ask the user for approval before running it because it edits files under ~/.cultup,
supported shell startup files, and ~/.codex/config.toml.
curl -fsSLo /tmp/cultup-codex-setup.sh "https://api.cultup.com/downloads/cultup-codex-setup.sh"
printf '%s /tmp/cultup-codex-setup.sh\n' "INSTALLER_SHA256_REPLACE_ME" | sha256sum -c -
sed -n '1,220p' /tmp/cultup-codex-setup.sh
bash /tmp/cultup-codex-setup.sh --setup-code cu_setup_REPLACE_ME --mcp-url https://api.cultup.com/mcp 3. Manual fallback
If the verified installer cannot run, exchange the setup code manually. Redirect the response to a user-level file and do not print the real token.
mkdir -p ~/.cultup
chmod 700 ~/.cultup
curl -fsS https://api.cultup.com/api/agent/setup/exchange \
-H "Content-Type: application/json" \
--data '{"setupCode":"cu_setup_REPLACE_ME","agent":"codex"}' \
> ~/.cultup/codex-token.json
chmod 600 ~/.cultup/codex-token.json
export CULTUP_AGENT_TOKEN="$(node -e 'process.stdout.write(JSON.parse(require("fs").readFileSync(process.env.HOME + "/.cultup/codex-token.json", "utf8")).token)')"
codex mcp add cultup --url https://api.cultup.com/mcp --bearer-token-env-var CULTUP_AGENT_TOKEN 4. Verify the connection
First run codex mcp get cultup and confirm that the cultup server is enabled,
points at https://api.cultup.com/mcp, and uses bearer_token_env_var = "CULTUP_AGENT_TOKEN".
In sandboxed environments, codex mcp get cultup may print a harmless warning like
could not update PATH: Read-only file system if the expected MCP config is still printed.
The installer prints Cultup credential health check passed. after checking the exchanged
credential against Cultup without printing the token. This verifies token authentication and user context,
but it does not prove Codex can approve and invoke MCP tools.
The active Codex session may not dynamically load newly configured MCP servers. Start a fresh interactive Codex session and paste:
Cultup MCP is now configured. Verify the connection by calling the read-only verify_cultup_connection tool. Then draft only a 30 minute "Cultup setup test" link for tomorrow for Example Guest at example.guest@example.com. Do not send email or create calendar events.
Do not use --dangerously-bypass-approvals-and-sandbox for setup verification. The
verify_cultup_connection tool is read-only: it confirms authenticated MCP tool execution
without creating drafts, sending email, creating calendar events, reserving quota, searching contacts, or
calling calendar provider APIs.
The default Codex setup token has Draft Links permission. It can verify and draft scheduling links. Sending email or creating calendar invites requires the user to upgrade token permissions in Cultup settings.
Confirm tool discovery includes the expected Cultup tools. Prefer Codex MCP verification over shell
commands. Avoid raw curl verification during normal setup because Cultup MCP uses MCP client
transports and raw HTTP probing can be confusing. If a developer needs diagnostic HTTP probing, use the
CULTUP_AGENT_TOKEN environment variable instead of writing the raw token into the command,
approval prompt, chat, repo files, or logs.
The available tools should include scheduling actions such as:
verify_cultup_connectiondraft_meeting_linkupdate_meeting_draftsend_meeting_invitecreate_calendar_eventdraft_group_meeting_votesend_group_meeting_vote_invites
5. Use Cultup safely
Extract the meeting details from the user: guest name or email, title, description, duration, date constraints, working hours, timezone, and buffer preferences.
Start with draft_meeting_link unless the user asks to update an existing draft. Show the
drafted email or scheduling link before sending anything. Only call send or calendar-event tools after
the user clearly approves that action.
6. First test prompt
Use Cultup to draft a test scheduling link only for Example Guest at example.guest@example.com for a 30 minute meeting tomorrow called "Cultup setup test". Do not send any invitation emails or create calendar events.