> ## Documentation Index
> Fetch the complete documentation index at: https://docs.root.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Codex

> Automatically detect and patch vulnerabilities in Codex

The Root.io plugin for Codex integrates vulnerability detection and patching directly into your Codex workflow.

## Prerequisites

* Codex installed and configured
* Complete the [AI Integrations prerequisites](/ai-integrations/overview#prerequisites) (Root.io account, `rootio_patcher` CLI, registry configuration)

## Installation

Codex supports three installation methods for plugins. Choose the one that fits your workflow.

### Option 1: Clone the Repository

Clone the root-ai repository and register the plugin path in Codex:

```bash theme={null}
git clone https://github.com/rootio-avr/root-ai.git
```

Then in Codex settings, register the plugin directory: `<clone-path>/root-ai/platforms/codex`

### Option 2: Repository Marketplace

Add the plugin to your project's `marketplace.json`:

```json theme={null}
{
  "plugins": [
    {
      "name": "rootio-patcher",
      "source": "https://github.com/rootio-avr/root-ai",
      "path": "platforms/codex"
    }
  ]
}
```

Commit this file to your repository. Codex will automatically discover and install the plugin.

### Option 3: Personal Marketplace

Add the plugin to your personal `marketplace.json` file (location varies by Codex configuration):

```json theme={null}
{
  "plugins": [
    {
      "name": "rootio-patcher",
      "source": "https://github.com/rootio-avr/root-ai",
      "path": "platforms/codex"
    }
  ]
}
```

This makes the plugin available across all your Codex projects.

## Plugin Structure

The plugin consists of:

* **Plugin root:** `platforms/codex`
* **Manifest:** `platforms/codex/.codex-plugin/plugin.json`
* **Skill:** `platforms/codex/skills/rootio-patcher/SKILL.md`

Codex reads the manifest to understand the plugin capabilities and loads the skill for AI-assisted patching.

## How It Works

The Codex plugin automatically triggers when you're working with dependency files:

**Triggers when:**

* Editing or discussing: `package.json`, `pom.xml`, `requirements.txt`, `pyproject.toml`, `Pipfile`

**Behavior:**

1. Codex recognizes dependency management context
2. The rootio-patcher skill becomes available
3. Codex can suggest vulnerability checks and patches
4. You can manually invoke the skill or let Codex suggest it

## Example Interaction

When working with dependencies:

1. **You add a package** - Edit `package.json` to add a new dependency
2. **Codex detects context** - Recognizes you're managing dependencies
3. **Codex suggests check** - "Would you like me to check for vulnerabilities with Root.io?"
4. **You approve** - Codex runs `rootio_patcher npm remediate`
5. **Patches applied** - If vulnerable packages found, Codex offers to apply Root.io patches

## Manual Usage

You can manually invoke the skill at any time:

```
"Use the rootio-patcher skill to check for vulnerabilities"
```

Or directly ask Codex to run the patcher:

```
"Run rootio_patcher to scan my Python dependencies"
```

For complete CLI usage, see the [Root Patcher CLI documentation](/rlc/patcher).