Codex is one of the most popular coding harnesses out there. And MCP makes the experience even better. With Signpath MCP integration, you can draft, triage, summarise emails, and much more, all without leaving the terminal or the app, whichever you prefer.
Table of Contents
Connect Signpath without Auth hassles
We manage OAuth, API Key, token refresh, and scopes, you just build.
Try for FreeIntroduction
Also integrate Signpath with
Why use Composio?
Apart from a managed and hosted MCP server, you will get:
- CodeAct: A dedicated workbench that allows GPT to write its code to handle complex tool chaining. Reduces to-and-fro with LLMs for frequent tool calling.
- Large tool responses: Handle them to minimise context rot.
- Dynamic just-in-time access to 20,000 tools across 870+ other Apps for cross-app workflows. It loads the tools you need, so GPTs aren't overwhelmed by tools you don't need.
How to install Signpath MCP in Codex
Run the setup command
Run this command in your terminal to add the Composio MCP server to Codex.
It will initiate the authentication in a browser window, authorize Codex to access your Composio account.
(Optional) Authenticate with OAuth
To authenticate manually, run the login command to open a browser window and authorize Codex to access your Composio account.
Verify the connection
Run codex mcp list to confirm Composio appears as a registered MCP server.
Codex App
Codex App follows the same approach as VS Code.
- Click ⚙️ on the bottom left → MCP Servers → + Add servers → Streamable HTTP:
- Fill the header and Key fields with
{ "x-consumer-api-key" = "ck_*******" }. - The Key is the Composio API key, that you can find on connect.composio.dev
- Click on Authenticate and authorize Codex to your Composio account and you're all set.
- Restart and verify if it's there in
.codex/config.toml
What is the Signpath MCP server, and what's possible with it?
The Signpath MCP server is an implementation of the Model Context Protocol that connects your AI agent and assistants like Claude, Cursor, etc directly to your Signpath account. It provides structured and secure access to your code signing workflows, so your agent can list certificates, retrieve project details, access signing policies, and check system metadata automatically on your behalf.
- Certificate management and discovery: Quickly list all available code signing certificates within your organization, making it easy for your agent to select the right certificate for each workflow.
- Automated project listing and tracking: Let your agent fetch and paginate through all Signpath projects, helping you organize, monitor, and automate signing across multiple software projects.
- Signing policy insights and selection: Effortlessly retrieve detailed information about your organization’s signing policies, so your agent can ensure every artifact is signed according to security best practices.
- System information and environment awareness: Instantly access Signpath system details, including product info, API version, and environment metadata, to keep your agent up to date with the latest platform capabilities.
Supported Tools & Triggers
Tools
Conclusion
You've successfully integrated Signpath with Codex using Composio's MCP server. Now you can interact with Signpath directly from your terminal, VS Code, or the Codex App using natural language commands.
Key benefits of this setup:
- Seamless integration across CLI, VS Code, and standalone app
- Natural language commands for Signpath operations
- Managed authentication through Composio
- Access to 20,000+ tools across 870+ apps for cross-app workflows
- CodeAct workbench for complex tool chaining
Next steps:
- Try asking Codex to perform various Signpath operations
- Explore cross-app workflows by connecting more toolkits
- Build automation scripts that leverage Codex's AI capabilities
How to build Signpath MCP Agent with another framework
Explore Other Toolkits
FAQ
What are the differences in Tool Router MCP and Signpath MCP?
With a standalone Signpath MCP server, the agents and LLMs can only access a fixed set of Signpath tools tied to that server. However, with the Composio Tool Router, agents can dynamically load tools from Signpath and many other apps based on the task at hand, all through a single MCP endpoint.
Can I use Tool Router MCP with Codex?
Yes, you can. Codex fully supports MCP integration. You get structured tool calling, message history handling, and model orchestration while Tool Router takes care of discovering and serving the right Signpath tools.
Can I manage the permissions and scopes for Signpath while using Tool Router?
Yes, absolutely. You can configure which Signpath scopes and actions are allowed when connecting your account to Composio. You can also bring your own OAuth credentials or API configuration so you keep full control over what the agent can do.
How safe is my data with Composio Tool Router?
All sensitive data such as tokens, keys, and configuration is fully encrypted at rest and in transit. Composio is SOC 2 Type 2 compliant and follows strict security practices so your Signpath data and credentials are handled as safely as possible.
