{ "$schema": "https://bringyour.ai/schemas/mcp-config-migration.v1.json", "id": "bringyour-mcp-config-migration", "title": "MCP config migration from Claude Code to Codex", "url": "https://bringyour.ai/mcp-config-migration", "html_url": "https://bringyour.ai/mcp-config-migration", "json_url": "https://bringyour.ai/mcp-config-migration.json", "product": "Bring Your AI", "updated_at": "2026-05-11", "remote_invariant": { "harness_data_remote": false, "notes": "The public MCP config migration route is descriptive only. Bring Your AI remote MCP and JSON routes do not accept MCP config files, generated memories, user rules, API keys, GitHub handles, local paths, or file contents." }, "risk_model": [ { "id": "secret_reference_literalization", "risk": "Secret references are copied as literal values into the Codex target config.", "required_control": "Preserve environment, Keychain, 1Password, vault, or wrapper references. Never inline credential material." }, { "id": "source_only_absolute_paths", "risk": "Claude Code wrapper paths, sockets, or helper scripts point at source-harness locations that Codex cannot use.", "required_control": "Rewrite paths to target-valid wrapper locations or create a target-side validation note before the first Codex run." }, { "id": "transport_shape_drift", "risk": "stdio, HTTP, and local launcher assumptions change when the MCP server is moved.", "required_control": "Record transport type and run one tools/list or equivalent dry-run per critical server." }, { "id": "launcher_policy_drift", "risk": "Claude Code-specific lifecycle hooks, managed policy, or tool restrictions are treated as if Codex enforces them.", "required_control": "Record non-equivalent behavior as target-side validation notes instead of silently copying config." } ], "recommended_sequence": [ { "order": 1, "name": "Inventory MCP servers", "outcome": "Classify every server by name, transport, command or URL, env refs, local wrapper dependencies, and target criticality." }, { "order": 2, "name": "Preserve indirect secrets", "outcome": "Keep references to environment variables, Keychain, 1Password, or vault helpers. Do not copy raw values." }, { "order": 3, "name": "Rewrite source-only paths", "outcome": "Replace absolute paths or wrapper locations with target-valid equivalents, or mark the server as requiring manual validation." }, { "order": 4, "name": "Dry-run critical servers", "outcome": "Run tools/list or the lowest-risk discovery call for critical servers before allowing Codex to edit code." }, { "order": 5, "name": "Write target-side validation notes", "outcome": "Record every non-equivalent server behavior where Codex cannot enforce the same hook, policy, or launcher contract." } ], "local_commands": [ "bringyour preview --from claude-code --to codex", "bringyour migrate --from claude-code --to codex --policy merge" ], "agent_readable_surfaces": { "openapi": "https://bringyour.ai/openapi.yaml", "agent_manifest": "https://bringyour.ai/.well-known/agent.json", "codex_import_checklist": "https://bringyour.ai/codex-import-checklist.json", "commerce_manifest": "https://bringyour.ai/.well-known/commerce.json", "catalog": "https://bringyour.ai/api/v1/catalog" } }