The Root.io plugin for Codex integrates vulnerability detection and patching directly into your Codex workflow.

Prerequisites

Installation

Codex supports three installation methods for plugins. Choose the one that fits your workflow.

Option 1: Clone the Repository

Clone the root-ai repository and register the plugin path in Codex:
git clone https://github.com/rootio-avr/root-ai.git
Then in Codex settings, register the plugin directory: <clone-path>/root-ai/platforms/codex

Option 2: Repository Marketplace

Add the plugin to your project’s marketplace.json:
{
  "plugins": [
    {
      "name": "rootio-patcher",
      "source": "https://github.com/rootio-avr/root-ai",
      "path": "platforms/codex"
    }
  ]
}
Commit this file to your repository. Codex will automatically discover and install the plugin.

Option 3: Personal Marketplace

Add the plugin to your personal marketplace.json file (location varies by Codex configuration):
{
  "plugins": [
    {
      "name": "rootio-patcher",
      "source": "https://github.com/rootio-avr/root-ai",
      "path": "platforms/codex"
    }
  ]
}
This makes the plugin available across all your Codex projects.
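An added example, not part of the Root.io documentation or plugin: because Codex installs whatever marketplace.json lists, a pre-commit or CI check can audit the file first. It assumes only the three fields shown above (name, source, path); the function name audit_marketplace and the APPROVED allowlist are hypothetical.

```python
import json
from urllib.parse import urlparse

# Assumed allowlist: the one entry shown on this page. Extend it per your own review policy.
APPROVED = {
    ("rootio-patcher", "https://github.com/rootio-avr/root-ai", "platforms/codex"),
}

def audit_marketplace(text, approved=APPROVED):
    """Return a list of findings for a marketplace.json document (empty list = clean)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    plugins = doc.get("plugins") if isinstance(doc, dict) else None
    if not isinstance(plugins, list):
        return ["top-level 'plugins' array is missing"]
    findings = []
    for i, entry in enumerate(plugins):
        if not isinstance(entry, dict):
            findings.append(f"plugins[{i}]: not an object")
            continue
        name, source, path = (entry.get(k) for k in ("name", "source", "path"))
        if not all(isinstance(v, str) and v for v in (name, source, path)):
            findings.append(f"plugins[{i}]: name, source and path must be non-empty strings")
            continue
        url = urlparse(source)
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{name}: source is not an https URL")
        if url.username or url.password:
            findings.append(f"{name}: source embeds credentials")
        parts = path.replace("\\", "/").split("/")
        if path.startswith("/") or ".." in parts:
            findings.append(f"{name}: path escapes the repository root")
        # Normalise trailing "/" and ".git" so equivalent spellings of the URL match.
        key = (name, source.rstrip("/").removesuffix(".git"), path.strip("/"))
        if key not in approved:
            findings.append(f"{name}: entry is not on the approved list")
    return findings

# Constructed samples: the page's entry, and a look-alike entry from a different source.
GOOD = '{"plugins": [{"name": "rootio-patcher", "source": "https://github.com/rootio-avr/root-ai", "path": "platforms/codex"}]}'
BAD = '{"plugins": [{"name": "rootio-patcher", "source": "http://example.invalid/root-ai", "path": "../codex"}]}'

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, audit_marketplace(sample) or "ok")
```

An empty result means every entry matched the allowlist; any finding should fail the commit or pipeline step.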

Plugin Structure

The plugin consists of:
  • Plugin root: platforms/codex
  • Manifest: platforms/codex/.codex-plugin/plugin.json
  • Skill: platforms/codex/skills/rootio-patcher/SKILL.md
Codex reads the manifest to understand the plugin capabilities and loads the skill for AI-assisted patching.

How It Works

The Codex plugin automatically triggers when you’re working with dependency files.
Triggers when:
  • Editing or discussing: package.json, pom.xml, requirements.txt, pyproject.toml, Pipfile
Behavior:
  1. Codex recognizes dependency management context
  2. The rootio-patcher skill becomes available
  3. Codex can suggest vulnerability checks and patches
  4. You can manually invoke the skill or let Codex suggest it

Example Interaction

When working with dependencies:
  1. You add a package - Edit package.json to add a new dependency
  2. Codex detects context - Recognizes you’re managing dependencies
  3. Codex suggests check - “Would you like me to check for vulnerabilities with Root.io?”
  4. You approve - Codex runs rootio_patcher npm remediate
  5. Patches applied - If vulnerable packages are found, Codex offers to apply Root.io patches

Manual Usage

You can manually invoke the skill at any time:
"Use the rootio-patcher skill to check for vulnerabilities"
Or directly ask Codex to run the patcher:
"Run rootio_patcher to scan my Python dependencies"
For complete CLI usage, see the Root Patcher CLI documentation.