Connect Codex CLI to Cultup

Use these instructions when a user gives you a Cultup setup message with a cu_setup_ code. Your goal is to exchange it locally, configure Codex CLI, verify the MCP config, run Cultup's non-interactive credential health check, then verify tools in a fresh interactive Codex session before helping the user schedule through Cultup.

Agents should prefer the compact Markdown version: /codex-instructions.md.

Agent contract

The copied dashboard prompt is intentionally short. This guide is the source of truth for the setup flow. Agents must prefer the static installer script, verify its checksum before running it, never expose the exchanged token, configure Codex MCP with CULTUP_AGENT_TOKEN, verify before scheduling, and never send email or create calendar events without explicit user approval and matching token permissions.

1. Confirm the setup code and endpoint

The setup message should include:

If the user provided a setup code but no endpoint, assume https://api.cultup.com/mcp.

2. Verify and run the installer

Prefer the static installer. It exchanges the setup code once, writes the scoped token to a user-level file, creates an environment helper, configures Codex MCP, and verifies codex mcp get cultup. Ask the user for approval before running it because it edits files under ~/.cultup, supported shell startup files, and ~/.codex/config.toml.

curl -fsSLo /tmp/cultup-codex-setup.sh "https://api.cultup.com/downloads/cultup-codex-setup.sh"
printf '%s  /tmp/cultup-codex-setup.sh\n' "INSTALLER_SHA256_REPLACE_ME" | sha256sum -c -
sed -n '1,220p' /tmp/cultup-codex-setup.sh
bash /tmp/cultup-codex-setup.sh --setup-code cu_setup_REPLACE_ME --mcp-url https://api.cultup.com/mcp

3. Manual fallback

If the verified installer cannot run, exchange the setup code manually. Redirect the response to a user-level file and do not print the real token.

mkdir -p ~/.cultup
chmod 700 ~/.cultup
curl -fsS https://api.cultup.com/api/agent/setup/exchange \
  -H "Content-Type: application/json" \
  --data '{"setupCode":"cu_setup_REPLACE_ME","agent":"codex"}' \
  > ~/.cultup/codex-token.json
chmod 600 ~/.cultup/codex-token.json
export CULTUP_AGENT_TOKEN="$(node -e 'process.stdout.write(JSON.parse(require("fs").readFileSync(process.env.HOME + "/.cultup/codex-token.json", "utf8")).token)')"
codex mcp add cultup --url https://api.cultup.com/mcp --bearer-token-env-var CULTUP_AGENT_TOKEN

4. Verify the connection

First run codex mcp get cultup and confirm that the cultup server is enabled, points at https://api.cultup.com/mcp, and uses bearer_token_env_var = "CULTUP_AGENT_TOKEN". In sandboxed environments, codex mcp get cultup may print a harmless warning like could not update PATH: Read-only file system if the expected MCP config is still printed.

The installer prints Cultup credential health check passed. after checking the exchanged credential against Cultup without printing the token. This verifies token authentication and user context, but it does not prove Codex can approve and invoke MCP tools.

The active Codex session may not dynamically load newly configured MCP servers. Start a fresh interactive Codex session and paste:

Cultup MCP is now configured. Verify the connection by calling the read-only verify_cultup_connection tool. Then draft only a 30 minute "Cultup setup test" link for tomorrow for Example Guest at example.guest@example.com. Do not send email or create calendar events.

Do not use --dangerously-bypass-approvals-and-sandbox for setup verification. The verify_cultup_connection tool is read-only: it confirms authenticated MCP tool execution without creating drafts, sending email, creating calendar events, reserving quota, searching contacts, or calling calendar provider APIs.

The default Codex setup token has Draft Links permission. It can verify and draft scheduling links. Sending email or creating calendar invites requires the user to upgrade token permissions in Cultup settings.

Confirm tool discovery includes the expected Cultup tools. Prefer Codex MCP verification over shell commands. Avoid raw curl verification during normal setup because Cultup MCP uses MCP client transports and raw HTTP probing can be confusing. If a developer needs diagnostic HTTP probing, use the CULTUP_AGENT_TOKEN environment variable instead of writing the raw token into the command, approval prompt, chat, repo files, or logs.

The available tools should include scheduling actions such as:

5. Use Cultup safely

Extract the meeting details from the user: guest name or email, title, description, duration, date constraints, working hours, timezone, and buffer preferences.

Start with draft_meeting_link unless the user asks to update an existing draft. Show the drafted email or scheduling link before sending anything. Only call send or calendar-event tools after the user clearly approves that action.

6. First test prompt

Use Cultup to draft a test scheduling link only for Example Guest at example.guest@example.com for a 30 minute meeting tomorrow called "Cultup setup test". Do not send any invitation emails or create calendar events.