Integrate Unleash with OpenAI Codex
The Unleash MCP server connects OpenAI Codex to your Unleash instance, enabling AI-assisted feature flag management. You can evaluate code changes, create flags, generate wrapping code, manage rollouts, and clean up flags from within Codex.
Codex supports MCP across two local interfaces that share the same configuration file:
- Codex CLI — The open-source terminal agent, installed with npm or Homebrew
- Codex IDE extension — The editor integration for VS Code and compatible editors
Codex governs the agent while it writes code, through an operating-system sandbox and an approval prompt that appears before each action, including every MCP tool call. Feature flags govern the code after it ships, through progressive rollout and instant rollback. The two work together: Codex keeps a human in the loop at authoring time, and Unleash keeps the release under control at runtime.
This guide covers the local Unleash MCP server, a stdio process that runs in the Codex CLI and IDE extension. It is the simplest setup and the focus of this page.
Unleash also offers a remote MCP server (Streamable HTTP, available on Enterprise plans), which matters for Codex cloud agents that run in a network-isolated sandbox that cannot run a local stdio server. Codex can connect to a remote HTTP MCP server. Remember to enable internet access for the environment and add your Unleash host to the allowlist for both read and write methods (GET, POST, PATCH, DELETE) so flag changes work too.
If you are not using cloud tasks, create and wrap flags locally with the setup below, then let cloud-delegated pull requests ship behind those flags.
Prerequisites
Before you begin, make sure you have the following:
- Node.js 18 or later: The MCP server is distributed as an npm package
- Codex: The CLI or the IDE extension, installed
- A signed-in Codex session: Run
codex loginand sign in with your ChatGPT account, or configure an API key - An Unleash instance: Cloud or self-hosted, with API access enabled
- A personal access token (PAT): With permissions to create and manage feature flags
You must sign in before the agent can call MCP tools. You can add the server and run codex mcp list before signing in, but the first tool call in an unauthenticated session fails with a 401 error. Run codex login first.
Install the MCP server
Codex stores its configuration in ~/.codex/config.toml. The CLI and the IDE extension read the same file, so you configure the server once.
Create a credentials file
Store your Unleash credentials in a centralized file and source it from your shell profile:
Add to your ~/.zshrc or ~/.bashrc:
Restart your terminal or run source ~/.zshrc to load the variables.
Add the server with the CLI
Run codex mcp add from your project root. This writes the server configuration to ~/.codex/config.toml:
Alternatively, edit ~/.codex/config.toml directly:
Codex uses TOML with a [mcp_servers.unleash] table (note the underscore in mcp_servers). The command is a string and args is an array. The env table holds literal values and does not perform ${VAR} expansion. To forward a variable from your shell instead, use the env_vars key (an array of names) rather than env.
You can also write env as a subtable, which is easier to read for several variables:
Verify the installation
Confirm the server is registered:
Then start a session and ask: “What Unleash MCP tools are available?” The agent lists every available tool. Codex prefixes MCP tool names with the server name, so the Unleash tools appear as unleash/evaluate_change, unleash/list_flags, and so on.
Approval and sandbox model
Codex enforces an authoring-time boundary through two independent controls. Understanding them explains how MCP tool calls behave.
The approval prompt
By default, Codex asks before it runs a tool. When the agent calls an Unleash tool, it shows you the tool name and its arguments, then waits:
For a write like create_flag or toggle_flag_environment, you see the flag name and target environment before anything happens. This is a genuine control, so keep the prompt on for writes and reserve “Always allow” for read-only tools.
The sandbox
Codex runs commands inside an operating-system sandbox: read-only, workspace-write (the default for interactive work, with network off), or danger-full-access. These map to the UI presets Read Only, Auto, and Full Access. The Unleash MCP server reaches your instance normally under the default workspace-write sandbox, so you do not need to weaken the sandbox to manage flags.
In non-interactive codex exec, the approval prompt cannot be shown, so MCP tool calls are auto-cancelled with the message user cancelled MCP tool call. There is currently no configuration that pre-approves an MCP server while keeping the sandbox (this is a known open issue).
For automation, run codex exec with --dangerously-bypass-approvals-and-sandbox inside an isolated runner with a tightly scoped PAT. For day-to-day flag work, use an interactive session and approve the prompts.
Tool reference
The Unleash MCP server exposes the following tools.
| Tool | Description | When to use |
|---|---|---|
evaluate_change | Analyzes a code change and determines whether it should be behind a feature flag. | Before implementing risky changes |
detect_flag | Searches for existing flags that match a description to prevent duplicates. | Before creating new flags |
create_flag | Creates a new feature flag with proper naming, typing, and metadata. | When no suitable flag exists |
wrap_change | Generates framework-specific code to guard a feature behind a flag. | After creating a flag |
list_projects | Lists Unleash projects available to the configured token, with optional pagination. | Discovering available projects |
list_flags | Lists feature flags in a project (active by default; set archived=true for archived flags). | Auditing flag inventory; discovering existing flags before creating new ones |
get_flag_state | Returns the current state, strategies, and metadata for a flag. | Debugging, status checks |
set_flag_rollout | Configures rollout percentages and activation strategies. | Gradual releases |
toggle_flag_environment | Enables or disables a flag in a specific environment. | Testing, staged rollouts |
remove_flag_strategy | Deletes a rollout strategy from a flag. | Simplifying flag configuration |
cleanup_flag | Returns file locations and instructions for removing a flag after rollout. | After full rollout |
Workflows
The Unleash MCP server supports these core workflows: evaluate and wrap code in feature flags, discover and audit flags, manage rollouts across environments, and clean up after rollout.
Evaluate and wrap code in feature flags
Use this workflow when implementing a change that might affect production stability, such as a payment integration, authentication flow, or external API call.
Evaluate the change
Tell the agent what you are working on:
The agent calls evaluate_change and returns a recommendation with a suggested flag name.
Check for duplicates
The agent automatically calls detect_flag to search for existing flags.
If a suitable flag exists, the agent suggests reusing it instead of creating a duplicate.
Discover and audit flags
Use this workflow to take inventory of existing flags before creating new ones, or to run a periodic audit for cleanup candidates.
List available projects (optional)
If you don’t already know the target project, the agent calls list_projects to enumerate projects the configured token can access. Skip this step if UNLEASH_DEFAULT_PROJECT is set.
List active flags
The agent calls list_flags with the target projectId. The default response returns active (non-archived) flags only. Results are paginated with offset, limit, and order; the agent fetches additional pages automatically when a project has many flags.
List archived flags
For a full audit, the agent calls list_flags a second time with archived=true. Active and archived flags are disjoint result sets in Unleash; both calls are needed for complete inventory.
Cross-reference with the codebase
The agent compares the returned flags against references in your code. Flags present in Unleash but unused in code (especially archived ones) are cleanup candidates — chain into the Clean up after rollout workflow to remove them safely.
Manage rollouts across environments
Use this workflow to enable a flag in staging for testing while keeping it disabled in production.
Check flag state
Enable in staging
The agent calls get_flag_state and returns the flag metadata, enabled environments, and active strategies.
AI assistants can make mistakes and toggle the wrong flag. Enable change requests on production environments to require human approval before changes take effect. See the MCP server documentation for details.
Clean up after rollout
Use this workflow when a feature has been fully rolled out and the flag is no longer needed.
The agent calls cleanup_flag and returns:
- All files and line numbers where the flag is used
- Which code path to preserve (the “enabled” branch)
- Suggestions for tests to run after removal
Review the list, remove the conditional branches, and delete the flag from Unleash.
Feature flags should be temporary. Regularly clean up flags after successful rollouts to prevent technical debt.
AGENTS.md templates
Codex reads AGENTS.md files for project instructions. Store your FeatureOps policies in AGENTS.md so the agent considers feature flags automatically in every session.
Codex merges AGENTS.md files from a global ~/.codex/AGENTS.md down through your repository, with files closer to the working directory taking precedence. Put universal conventions at the repository root and stricter policies in subdirectories.
Repository root: universal conventions
Subdirectory: domain-specific policy
Place this file in a high-risk directory (for example payments/AGENTS.md). Because it is closer to the working directory, it overrides the root policy when the agent works in that subtree.
Enterprise governance
On Business and Enterprise plans, Codex supports admin-enforced managed configuration through a requirements.toml file that Codex fetches from the Codex service and applies across the CLI, IDE, and cloud. Use it to keep the authoring-time boundary in place for every developer.
- Require a safe sandbox — Restrict the allowed sandbox modes so developers cannot run in full-access mode for routine work.
- Keep approvals on — Restrict the allowed approval policies so tool calls are not silently auto-approved.
- Allowlist the Unleash server — Define which MCP servers are permitted, so the Unleash server is available and unvetted servers are not.
- Control network access — Define network policy centrally for the sandbox.
This pairs with Unleash’s own governance. The MCP server inherits the PAT’s permissions and cannot exceed them, so scope the token tightly. Enable change requests on production environments so that enabling a flag requires human approval regardless of what any agent requests. Codex governs how the agent runs; Unleash governs how the release ships.
Prompt patterns
The following prompt patterns help you use the MCP tools effectively.
Evaluate and create a flag
Intent: Determine if a change requires a feature flag, then create and wrap it.
Prompt:
Expected behavior: The agent calls evaluate_change, then detect_flag, create_flag, and wrap_change as needed. It prompts for approval before each write.
Detect and reuse existing flags
Intent: Avoid duplicate flags when similar functionality exists.
Prompt:
Expected behavior: The agent calls detect_flag and presents matches with confidence levels.
Toggle or check flag state
Intent: Enable, disable, or query a flag in a specific environment.
Prompts:
Expected behavior: The agent calls toggle_flag_environment or get_flag_state. Writes go through the approval prompt.
Clean up a flag
Intent: Safely remove flagged code and delete unused flags.
Prompts:
Expected behavior: The agent calls cleanup_flag and provides removal instructions.
Discover and audit flags
Intent: Take inventory of existing flags and identify cleanup candidates.
Prompts:
Expected behavior: The agent calls list_projects (if no project is specified), then list_flags for active and archived flags. It cross-references results against code and reports cleanup candidates.
Policy-driven evaluation with AGENTS.md
Intent: Automatically evaluate code changes based on encoded policies.
Trigger: An AGENTS.md file instructs the agent to evaluate risk for high-risk domains.
Expected behavior: When you describe a change in a covered domain (for example authentication), the agent calls evaluate_change on its own and proposes a flag that follows the documented naming convention, without being asked each time.
Troubleshooting
401 errors on every tool call
The agent is not signed in. Run codex login and sign in with your ChatGPT account, or configure an API key. codex mcp list can show the server as registered before you sign in, but tool calls fail with a 401 until you authenticate.
'user cancelled MCP tool call' in codex exec
Non-interactive codex exec cannot show the approval prompt, so approval-required calls are auto-cancelled. Run an interactive session and approve the prompt, or use --dangerously-bypass-approvals-and-sandbox for automation inside an isolated runner. This is a known open limitation; a per-server auto-approve setting is proposed but not yet available.
MCP server not appearing in Codex
- Verify
~/.codex/config.tomlfor TOML syntax errors - Confirm the table is
[mcp_servers.unleash]with an underscore inmcp_servers - Confirm
commandis a string andargsis an array - Run
codex mcp listto check the server status - Restart Codex after making changes
Authentication or API errors
- Confirm your Unleash PAT is valid and has not expired
- Check that the PAT has permissions to create and manage feature flags
- Verify that
UNLEASH_BASE_URLdoes not include/apiat the end (the server appends it, and a trailing/apiproduces doubled/api/api/paths) - Test directly:
curl -H "Authorization: $UNLEASH_PAT" "$UNLEASH_BASE_URL/api/admin/projects"
Environment variables not applied
- The
envtable inconfig.tomlholds literal values and does not expand${VAR}references - To forward a shell variable, use
env_vars = ["VAR_NAME"](an array) instead ofenv - If you used
codex mcp addwith--env, the values are written literally intoconfig.toml
Node.js not found
Local servers using npx require Node.js 18+. Verify with node --version. If Node.js is installed but not found by Codex, check that Codex inherits your shell PATH.
Codex cloud agent cannot reach Unleash
Cloud sandboxes are network-isolated by default, and they cannot run a local stdio MCP server. You have two options:
- Run flag operations in the CLI or IDE extension (recommended for most teams), then let cloud tasks open pull requests that ship behind the flags you created.
- Use the remote Unleash MCP server (Enterprise), which Codex connects to by
url. Enable internet access for the cloud environment, add your Unleash host to the allowlist, and allow write methods (POST, PATCH, DELETE) so flag changes work. Verify the remote server’s authentication flow works in a headless environment before relying on it.
Best practices
Follow these guidelines for effective feature flag management with Codex.
Leave Codex’s approval prompt on for write operations like create_flag and toggle_flag_environment. The prompt shows the arguments, so you review the exact flag and environment before the call runs.
The MCP server reaches your Unleash instance under the default workspace-write sandbox. There is no need to switch to full-access mode to manage flags.
Establish organization-wide standards for flag names (e.g., domain-feature-variant) and types. Encode these in AGENTS.md so the agent applies them automatically.
Always use detect_flag before creating new flags. This keeps naming consistent and reduces fragmentation across services.
Feature flags should be removed after successful rollouts. Use cleanup_flag regularly to prevent technical debt.
Use requirements.toml to require a safe sandbox, keep approvals on, and allowlist the Unleash server across the CLI, IDE, and cloud.