This repository is a public Codex plugin package. It does not include the private XMemo service implementation, production deployment scripts, database credentials, or internal logs.
Codex authenticates to XMemo through a bearer token stored in XMEMO_KEY.
The plugin manifest and MCP config reference the environment variable name only:
{
"bearer_token_env_var": "XMEMO_KEY"
}The following headers are used for attribution:
X-Memory-OS-Agent-ID: codexX-Memory-OS-Agent-Instance-ID: <local-instance-id>
These headers are not authenticators and should not be treated as secrets.
Screenshots, recordings, logs, and issue comments must not include:
- Bearer tokens
- OAuth authorization codes
- Cookies
- Internal account IDs
- Raw production logs
- Private user memory unrelated to the review
Use synthetic review data for demos.
Security issues can be reported to:
security@xmemo.dev