接线 · MCP 把上下文接进来Wire In · MCP Brings Your Context In.
你的上下文大半不在仓库里 —— 在 Figma 的稿、Sentry 的报错、Linear 的工单、文档站的页面里。MCP 让 Codex 直接读它们、调它们:codex mcp add 一条命令接上,CLI、IDE、桌面应用共用同一份配置。Codex 给了比「接不接」更细的闸门:每个服务器能开白名单、关掉危险工具、按工具定审批档 —— 标了破坏性的调用永远要问你。这一章还算一笔多数教程不算的账:每接一个服务器,它的工具清单就常驻你的上下文 —— 官方省额度建议里专门有一条「少接 MCP」。Most of your context isn't in the repo — it's in a Figma file, a Sentry error, a Linear ticket, a docs page. MCP lets Codex read and call them directly: one codex mcp add wires it in, and the CLI, IDE, and desktop app share the same configuration. Codex offers finer gates than connect-or-not: per-server tool allowlists, disabled tools, per-tool approval modes — and calls marked destructive always ask you. This chapter also counts a bill most tutorials skip: every server you add parks its tool list in your context — the official quota-saving tips include, verbatim, use fewer MCP servers.
9 分钟 · 初稿 2026.079 Min · Drafted 2026.07
你的上下文大半不在仓库里 —— 需求在 Linear 的工单,报错在 Sentry,设计稿在 Figma,文档在别的站点。于是你的日常变成搬运:开网页、复制、粘进对话、再解释一遍这是什么。MCP 把搬运换成接线:让 Codex 直接读它们、调它们。这一章讲怎么接、闸门怎么收紧,以及一条比「能不能接」更要紧的线 —— 每接一个,它的读写半径和你的额度都大一圈。Most of your context isn't in the repo — requirements in a Linear ticket, errors in Sentry, designs in Figma, docs on another site. So your day becomes haulage: open the page, copy, paste into chat, explain what it is. MCP replaces hauling with wiring: Codex reads and calls them directly. This chapter covers how to connect, how to tighten the gates, and a line that matters more than 'can it connect' — every hookup widens both its read-write radius and your quota bill.
— I
接线:一条命令,两种形态Wiring In: One Command, Two Shapes.
MCP(Model Context Protocol)是把模型接到工具与上下文的开放协议 —— 第三方文档、浏览器、Figma 都能接进来。1注 1Note 1OpenAI Codex 文档 · Model Context Protocol —— MCP 把模型接到工具与上下文,让 ChatGPT 或 Codex 用上第三方文档、浏览器、Figma 等。Codex 把 MCP 配置存在 config.toml([mcp_servers.名字]),CLI / IDE / 桌面应用共用同一份。加服务器:codex mcp add …(STDIO 本地进程,或 Streamable HTTP 远程地址,支持 Bearer / OAuth);codex mcp list 看已配、codex mcp login 走 OAuth;TUI 里 /mcp 看在连的服务器。每服务器可配 enabled_tools 白名单、disabled_tools 黑名单、default_tools_approval_mode(auto / prompt / writes / approve)与按工具的 approval_mode。文档举的常用服务器:OpenAI Docs、Context7、Figma、Playwright、Sentry、GitHub。截至 2026-07-17。OpenAI Codex Docs · Model Context Protocol — MCP connects models to tools and context, giving ChatGPT or Codex third-party docs, a browser, Figma, and more. Codex stores MCP config in config.toml ([mcp_servers.name]), shared by the CLI / IDE / desktop app. Add a server: codex mcp add … (STDIO local process, or Streamable HTTP remote address, with Bearer / OAuth); codex mcp list shows configured servers, codex mcp login runs OAuth; /mcp in the TUI shows connected servers. Per server you can set an enabled_tools allowlist, a disabled_tools denylist, default_tools_approval_mode (auto / prompt / writes / approve), and per-tool approval_mode. Common servers the docs cite: OpenAI Docs, Context7, Figma, Playwright, Sentry, GitHub. As of 2026-07-17.Codex 把配置存在 config.toml 里,和第 5 章那条「一台引擎」一致:CLI、IDE、桌面应用共用同一份 MCP 配置,配一次几端通用。接入一条命令,分两种形态:本地进程走 STDIO,远程服务走 Streamable HTTP(支持 Bearer token 或 OAuth):MCP (Model Context Protocol) is the open protocol connecting models to tools and context — third-party docs, a browser, Figma all wire in.1注 1Note 1OpenAI Codex 文档 · Model Context Protocol —— MCP 把模型接到工具与上下文,让 ChatGPT 或 Codex 用上第三方文档、浏览器、Figma 等。Codex 把 MCP 配置存在 config.toml([mcp_servers.名字]),CLI / IDE / 桌面应用共用同一份。加服务器:codex mcp add …(STDIO 本地进程,或 Streamable HTTP 远程地址,支持 Bearer / OAuth);codex mcp list 看已配、codex mcp login 走 OAuth;TUI 里 /mcp 看在连的服务器。每服务器可配 enabled_tools 白名单、disabled_tools 黑名单、default_tools_approval_mode(auto / prompt / writes / approve)与按工具的 approval_mode。文档举的常用服务器:OpenAI Docs、Context7、Figma、Playwright、Sentry、GitHub。截至 2026-07-17。OpenAI Codex Docs · Model Context Protocol — MCP connects models to tools and context, giving ChatGPT or Codex third-party docs, a browser, Figma, and more. Codex stores MCP config in config.toml ([mcp_servers.name]), shared by the CLI / IDE / desktop app. Add a server: codex mcp add … (STDIO local process, or Streamable HTTP remote address, with Bearer / OAuth); codex mcp list shows configured servers, codex mcp login runs OAuth; /mcp in the TUI shows connected servers. Per server you can set an enabled_tools allowlist, a disabled_tools denylist, default_tools_approval_mode (auto / prompt / writes / approve), and per-tool approval_mode. Common servers the docs cite: OpenAI Docs, Context7, Figma, Playwright, Sentry, GitHub. As of 2026-07-17. Codex stores the config in config.toml, consistent with chapter 5's 'one engine': the CLI, IDE, and desktop app share one MCP configuration, set once and used everywhere. Connecting is one command in two shapes: local processes over STDIO, remote services over Streamable HTTP (with Bearer token or OAuth):
加一个本地服务器,或直接写 config.toml;/mcp 看连接Add a local server, or write config.toml directly; /mcp shows connections
远程服务器直接写进 config.toml 更省事,一个 [mcp_servers.名字] 表配好 URL 和认证:Remote servers are easier written straight into config.toml, one [mcp_servers.name] table with the URL and auth:
一个远程 HTTP 服务器,带按工具的审批档A remote HTTP server, with a per-tool approval mode
文档自己举的常用服务器就那几个,覆盖多数人的搬运:OpenAI Docs(查官方文档)、Context7(查最新的第三方库文档)、Figma、Playwright、Sentry、GitHub。1注 1Note 1OpenAI Codex 文档 · Model Context Protocol —— MCP 把模型接到工具与上下文,让 ChatGPT 或 Codex 用上第三方文档、浏览器、Figma 等。Codex 把 MCP 配置存在 config.toml([mcp_servers.名字]),CLI / IDE / 桌面应用共用同一份。加服务器:codex mcp add …(STDIO 本地进程,或 Streamable HTTP 远程地址,支持 Bearer / OAuth);codex mcp list 看已配、codex mcp login 走 OAuth;TUI 里 /mcp 看在连的服务器。每服务器可配 enabled_tools 白名单、disabled_tools 黑名单、default_tools_approval_mode(auto / prompt / writes / approve)与按工具的 approval_mode。文档举的常用服务器:OpenAI Docs、Context7、Figma、Playwright、Sentry、GitHub。截至 2026-07-17。OpenAI Codex Docs · Model Context Protocol — MCP connects models to tools and context, giving ChatGPT or Codex third-party docs, a browser, Figma, and more. Codex stores MCP config in config.toml ([mcp_servers.name]), shared by the CLI / IDE / desktop app. Add a server: codex mcp add … (STDIO local process, or Streamable HTTP remote address, with Bearer / OAuth); codex mcp list shows configured servers, codex mcp login runs OAuth; /mcp in the TUI shows connected servers. Per server you can set an enabled_tools allowlist, a disabled_tools denylist, default_tools_approval_mode (auto / prompt / writes / approve), and per-tool approval_mode. Common servers the docs cite: OpenAI Docs, Context7, Figma, Playwright, Sentry, GitHub. As of 2026-07-17.TUI 里 /mcp 随时看哪些在连着。The common servers the docs themselves cite are just a handful, covering most people's haulage: OpenAI Docs (official docs), Context7 (up-to-date third-party library docs), Figma, Playwright, Sentry, GitHub.1注 1Note 1OpenAI Codex 文档 · Model Context Protocol —— MCP 把模型接到工具与上下文,让 ChatGPT 或 Codex 用上第三方文档、浏览器、Figma 等。Codex 把 MCP 配置存在 config.toml([mcp_servers.名字]),CLI / IDE / 桌面应用共用同一份。加服务器:codex mcp add …(STDIO 本地进程,或 Streamable HTTP 远程地址,支持 Bearer / OAuth);codex mcp list 看已配、codex mcp login 走 OAuth;TUI 里 /mcp 看在连的服务器。每服务器可配 enabled_tools 白名单、disabled_tools 黑名单、default_tools_approval_mode(auto / prompt / writes / approve)与按工具的 approval_mode。文档举的常用服务器:OpenAI Docs、Context7、Figma、Playwright、Sentry、GitHub。截至 2026-07-17。OpenAI Codex Docs · Model Context Protocol — MCP connects models to tools and context, giving ChatGPT or Codex third-party docs, a browser, Figma, and more. Codex stores MCP config in config.toml ([mcp_servers.name]), shared by the CLI / IDE / desktop app. Add a server: codex mcp add … (STDIO local process, or Streamable HTTP remote address, with Bearer / OAuth); codex mcp list shows configured servers, codex mcp login runs OAuth; /mcp in the TUI shows connected servers. Per server you can set an enabled_tools allowlist, a disabled_tools denylist, default_tools_approval_mode (auto / prompt / writes / approve), and per-tool approval_mode. Common servers the docs cite: OpenAI Docs, Context7, Figma, Playwright, Sentry, GitHub. As of 2026-07-17./mcp in the TUI shows what's connected anytime.
— II
比「接不接」更细的闸门Gates Finer Than Connect-or-Not.
接一个服务器不是「全接或全不接」。Codex 给了按服务器、按工具的闸门:enabled_tools 只放行你要的那几个工具,disabled_tools 关掉危险的,default_tools_approval_mode 定这台服务器的默认审批档(auto 自动、prompt 每次问、writes 只对非只读工具问、approve 全要批),还能对单个工具再单独定 approval_mode。1注 1Note 1OpenAI Codex 文档 · Model Context Protocol —— MCP 把模型接到工具与上下文,让 ChatGPT 或 Codex 用上第三方文档、浏览器、Figma 等。Codex 把 MCP 配置存在 config.toml([mcp_servers.名字]),CLI / IDE / 桌面应用共用同一份。加服务器:codex mcp add …(STDIO 本地进程,或 Streamable HTTP 远程地址,支持 Bearer / OAuth);codex mcp list 看已配、codex mcp login 走 OAuth;TUI 里 /mcp 看在连的服务器。每服务器可配 enabled_tools 白名单、disabled_tools 黑名单、default_tools_approval_mode(auto / prompt / writes / approve)与按工具的 approval_mode。文档举的常用服务器:OpenAI Docs、Context7、Figma、Playwright、Sentry、GitHub。截至 2026-07-17。OpenAI Codex Docs · Model Context Protocol — MCP connects models to tools and context, giving ChatGPT or Codex third-party docs, a browser, Figma, and more. Codex stores MCP config in config.toml ([mcp_servers.name]), shared by the CLI / IDE / desktop app. Add a server: codex mcp add … (STDIO local process, or Streamable HTTP remote address, with Bearer / OAuth); codex mcp list shows configured servers, codex mcp login runs OAuth; /mcp in the TUI shows connected servers. Per server you can set an enabled_tools allowlist, a disabled_tools denylist, default_tools_approval_mode (auto / prompt / writes / approve), and per-tool approval_mode. Common servers the docs cite: OpenAI Docs, Context7, Figma, Playwright, Sentry, GitHub. As of 2026-07-17.也就是说,你可以接一个能查也能改的服务器,但只放行「查」,把「改」单独设成必须弹窗。Connecting a server isn't 'all or nothing.' Codex offers per-server, per-tool gates: enabled_tools allows only the tools you want, disabled_tools turns off the dangerous ones, default_tools_approval_mode sets that server's default approval (auto, prompt to ask each time, writes to ask only for non-read-only tools, approve for everything), and a single tool can override its approval_mode.1注 1Note 1OpenAI Codex 文档 · Model Context Protocol —— MCP 把模型接到工具与上下文,让 ChatGPT 或 Codex 用上第三方文档、浏览器、Figma 等。Codex 把 MCP 配置存在 config.toml([mcp_servers.名字]),CLI / IDE / 桌面应用共用同一份。加服务器:codex mcp add …(STDIO 本地进程,或 Streamable HTTP 远程地址,支持 Bearer / OAuth);codex mcp list 看已配、codex mcp login 走 OAuth;TUI 里 /mcp 看在连的服务器。每服务器可配 enabled_tools 白名单、disabled_tools 黑名单、default_tools_approval_mode(auto / prompt / writes / approve)与按工具的 approval_mode。文档举的常用服务器:OpenAI Docs、Context7、Figma、Playwright、Sentry、GitHub。截至 2026-07-17。OpenAI Codex Docs · Model Context Protocol — MCP connects models to tools and context, giving ChatGPT or Codex third-party docs, a browser, Figma, and more. Codex stores MCP config in config.toml ([mcp_servers.name]), shared by the CLI / IDE / desktop app. Add a server: codex mcp add … (STDIO local process, or Streamable HTTP remote address, with Bearer / OAuth); codex mcp list shows configured servers, codex mcp login runs OAuth; /mcp in the TUI shows connected servers. Per server you can set an enabled_tools allowlist, a disabled_tools denylist, default_tools_approval_mode (auto / prompt / writes / approve), and per-tool approval_mode. Common servers the docs cite: OpenAI Docs, Context7, Figma, Playwright, Sentry, GitHub. As of 2026-07-17. Which means you can wire in a server that both reads and writes, but allow only 'read' and make 'write' individually prompt.还有一条 Codex 替你兜底的硬规矩:标了破坏性注解的 app / MCP 工具调用永远要审批 —— 即便那个工具同时声称自己只读,只要它宣告了破坏性,Codex 就一定停下问你。2注 2Note 2OpenAI Codex 文档 · Agent approvals & security —— Codex 也会为宣告有副作用的 app(连接器)工具调用征求审批;标了破坏性注解的 app / MCP 工具调用永远要审批,即便它同时标了只读等其它提示。默认 agent 断网;会抓取外部内容的场景可能带来 prompt injection —— 它替你读回的网页或工单里,可能藏着写给模型看的指令。截至 2026-07-17。OpenAI Codex Docs · Agent approvals & security — Codex also elicits approval for app (connector) tool calls that advertise side effects; app / MCP tool calls marked with a destructive annotation always require approval, even if they also advertise other hints like read-only. By default the agent has no network; fetching external content can expose you to prompt injection — the page or ticket it reads back may hide instructions written for the model. As of 2026-07-17.这是「能接但别失控」的最后一格:再松的档,也拦不住的那类动作,由协议层替你按住。And one hard rule Codex backstops for you: app / MCP tool calls marked with a destructive annotation always require approval — even if that tool also claims to be read-only, once it advertises destructiveness, Codex stops and asks.2注 2Note 2OpenAI Codex 文档 · Agent approvals & security —— Codex 也会为宣告有副作用的 app(连接器)工具调用征求审批;标了破坏性注解的 app / MCP 工具调用永远要审批,即便它同时标了只读等其它提示。默认 agent 断网;会抓取外部内容的场景可能带来 prompt injection —— 它替你读回的网页或工单里,可能藏着写给模型看的指令。截至 2026-07-17。OpenAI Codex Docs · Agent approvals & security — Codex also elicits approval for app (connector) tool calls that advertise side effects; app / MCP tool calls marked with a destructive annotation always require approval, even if they also advertise other hints like read-only. By default the agent has no network; fetching external content can expose you to prompt injection — the page or ticket it reads back may hide instructions written for the model. As of 2026-07-17. This is the last cell of 'connect but don't lose control': the class of action no loose setting waves through, held for you at the protocol layer.
— III
能接,不等于该接'Can Connect' Is Not 'Should Connect'.
现在说那条更要紧的线,它有两头。一头是额度:每接一个服务器,它的工具清单就要占你每条消息的上下文 —— 官方省额度建议里明写着一条「限制你用的 MCP 服务器数量,不用时禁用它们」。3注 3Note 3OpenAI Codex 文档 · Pricing(省额度建议)—— 每接一个 MCP 服务器都会给你的每条消息加更多上下文、多吃额度;官方省额度建议里明列一条:「限制你用的 MCP 服务器数量……不用时禁用它们。」截至 2026-07-17。OpenAI Codex Docs · Pricing (quota-saving tips) — every MCP server you add puts more context into each message and uses more of your allowance; the official quota-saving tips list one verbatim: 'Limit the number of MCP servers you use … Disable MCP servers when you don't need them.' As of 2026-07-17.接十个服务器却只用一个,是拿真金白银养着九份闲置上下文。另一头是安全:会抓取外部内容的服务器可能带来 prompt injection —— 它替你读回的网页或工单里,可能藏着写给模型看的指令,诱它做你没让它做的事。2注 2Note 2OpenAI Codex 文档 · Agent approvals & security —— Codex 也会为宣告有副作用的 app(连接器)工具调用征求审批;标了破坏性注解的 app / MCP 工具调用永远要审批,即便它同时标了只读等其它提示。默认 agent 断网;会抓取外部内容的场景可能带来 prompt injection —— 它替你读回的网页或工单里,可能藏着写给模型看的指令。截至 2026-07-17。OpenAI Codex Docs · Agent approvals & security — Codex also elicits approval for app (connector) tool calls that advertise side effects; app / MCP tool calls marked with a destructive annotation always require approval, even if they also advertise other hints like read-only. By default the agent has no network; fetching external content can expose you to prompt injection — the page or ticket it reads back may hide instructions written for the model. As of 2026-07-17.Now the line that matters more, and it has two ends. One is quota: every server you add parks its tool list in the context of each message — the official quota-saving tips write it plainly, 'limit the number of MCP servers you use, disable them when you don't need them.'3注 3Note 3OpenAI Codex 文档 · Pricing(省额度建议)—— 每接一个 MCP 服务器都会给你的每条消息加更多上下文、多吃额度;官方省额度建议里明列一条:「限制你用的 MCP 服务器数量……不用时禁用它们。」截至 2026-07-17。OpenAI Codex Docs · Pricing (quota-saving tips) — every MCP server you add puts more context into each message and uses more of your allowance; the official quota-saving tips list one verbatim: 'Limit the number of MCP servers you use … Disable MCP servers when you don't need them.' As of 2026-07-17. Connecting ten servers to use one is paying real money to keep nine idle contexts alive. The other end is security: servers that fetch external content can expose you to prompt injection — the page or ticket it reads back may hide instructions written for the model, luring it to do what you didn't ask.2注 2Note 2OpenAI Codex 文档 · Agent approvals & security —— Codex 也会为宣告有副作用的 app(连接器)工具调用征求审批;标了破坏性注解的 app / MCP 工具调用永远要审批,即便它同时标了只读等其它提示。默认 agent 断网;会抓取外部内容的场景可能带来 prompt injection —— 它替你读回的网页或工单里,可能藏着写给模型看的指令。截至 2026-07-17。OpenAI Codex Docs · Agent approvals & security — Codex also elicits approval for app (connector) tool calls that advertise side effects; app / MCP tool calls marked with a destructive annotation always require approval, even if they also advertise other hints like read-only. By default the agent has no network; fetching external content can expose you to prompt injection — the page or ticket it reads back may hide instructions written for the model. As of 2026-07-17.接线前过三问,比接完再后悔便宜:这条数据真需要直读吗 —— 一次性的贴进来更快,反复要的才值得接;只读够不够 —— 能查和能改是两个半径,从只读开始;写操作有没有闸 —— 危险动作用上一节的按工具审批档单独按住。接线是为了少搬运,不是为了收集服务器。Three questions before wiring beat regret after: does this data truly need direct reading — one-offs are faster pasted, only the recurring earns a wire; is read-only enough — querying and mutating are two radii, start read-only; is there a gate on writes — hold dangerous actions with the previous section's per-tool approval. Wiring is to haul less, not to collect servers.动手 · 接第一条线,按信任梯度来:Hands-on · wire your first line, up the trust gradient:
01
挑你每周复制最多的那个系统Pick the system you copy from most
工单、报错监控或文档站,选一个。codex mcp add 接上,/mcp 确认连通,先只开只读工具。Tracker, error monitor, or docs site — pick one. codex mcp add it, confirm in /mcp, and enable only the read-only tools first.
02
给它定一个 prompt 审批档,跑一周Give it a prompt approval mode, run a week
default_tools_approval_mode 设 prompt,让每次调用都过你一眼;观察它把数据用得对不对,再决定要不要放开某几个自动。Set default_tools_approval_mode to prompt so each call passes your eye; watch whether it uses the data correctly, then decide which few to let run automatically.
03
月底数一遍你真在用的服务器At month's end, count the servers you actually use
把一个月没调用过的服务器 disabled 掉 —— 每个闲置服务器都在吃你的上下文和额度。少接,是省额度纪律里最实的一条。Disable any server you haven't called in a month — each idle one eats context and quota. Fewer servers is the most concrete quota discipline there is.
上下文不该靠你搬运,
但每根线都记在账上.
Context shouldn't be hauled by you —
but every wire is on the bill.
Aklman Library
— 讨论Discussion
讨论Discussion.
评论区初始化中…Initializing comments…
01 / 01
没有匹配结果No matches.
换个关键词,或按 Esc 回到页面Try another keyword, or press Esc to return