OCI Deal Accelerator — Codex Plugin
Codex plugin that connects to the OCI Deal Accelerator MCP server and bundles a companion skill. Distributed internally via ai-lad.com.
What you get
14 tools surfaced through a remote MCP server (streamable HTTP, OAuth 2.1):
generate_full_proposal,generate_bom,generate_bom_appca,generate_cost_estimategenerate_deck,generate_diagram,generate_business_caserun_wa_review,check_feature_compatibility,compare_competitivesearch_reference_architectures,search_field_findings,report_field_findingscore_ecal_readiness
Plus a skill (skills/oci-deal-accelerator/SKILL.md) that guides Codex on when and how to invoke each tool.
Prerequisites
Before installing, ensure your ~/.codex/config.toml has:
experimental_use_rmcp_client = true
This flag enables Codex's rmcp client, required for streamable-HTTP MCP servers with OAuth. Without it you'll get Auth required when send initialize errors.
The installer adds this automatically; the requirement is documented here for users installing manually.
Install
Once the plugin is registered in ai-lad.com you will get an <ID>. Replace it below.
Windows (PowerShell)
iwr -UseBasicParsing 'https://ai-lad.com/api/skills/<ID>/install-script?os=windows' | iex
macOS / Linux
curl -fsSL 'https://ai-lad.com/api/skills/<ID>/install-script?os=unix' | bash
The installer downloads the plugin ZIP, installs it as a Codex plugin, merges the ai-factory marketplace entry in ~/.agents/plugins/marketplace.json, and restarts Codex. In most setups the plugin ends up under ~/.codex/plugins/oci-deal-accelerator/, though some project-local environments use a local plugins/ folder instead. Policy: installation: "AVAILABLE", authentication: "ON_INSTALL".
First-run authentication
On first install Codex kicks off the OAuth 2.1 + PKCE flow against the MCP server (AS proxy → OCI Identity Domain). A browser window opens; sign in with your Oracle SSO.
The MCP server implements Dynamic Client Registration (RFC 7591), so Codex's ephemeral http://localhost:<port> callback registers itself on the fly — no manual whitelisting in the AS required. Restricted to @oracle.com identities.
Re-authentication
If a tool call fails with Auth required, the OAuth access token has expired and Codex did not refresh it automatically. Re-authenticate without uninstalling:
codex mcp login oci-deal-accelerator
Opens the browser, re-authenticates with Oracle SSO, tools are available again. If that fails, force a clean slate first:
codex mcp logout oci-deal-accelerator
codex mcp login oci-deal-accelerator
As a last resort, uninstall the plugin from your Codex plugin directory and reinstall — in most setups that is ~/.codex/plugins/oci-deal-accelerator/, though some project-local environments use a local plugins/ folder. The authentication: "ON_INSTALL" policy triggers a fresh OAuth flow on install.
Repo layout
oci-deal-accelerator-codex/
├── .codex-plugin/
│ └── plugin.json # Codex plugin manifest
├── .mcp.json # Remote MCP server config
├── skills/
│ └── oci-deal-accelerator/
│ └── SKILL.md # Tool-usage guidance
├── assets/ # logo.png, icon.png, screenshot-1.png
├── README.md
└── .gitignore