Codencer stores commit-safe project defaults in:
repo/.codencer/project.json
By default, codencer project init creates only this file under repo .codencer/. It does not create policy files, manifests, prompts, schemas, logs, runtime state, artifacts, proof bundles, connector identity, daemon URLs, relay URLs, tokens, private keys, enrollment material, machine IDs, or absolute local paths in the repository.
Gateway config and Relay profiles are local runtime state under
$CODENCER_HOME/runtime/gateway/config.json; they are never written into
repo/.codencer/project.json.
Minimum shape:
{
"version": "codencer.io/v1alpha1",
"kind": "ProjectConfig",
"project": {
"id": "codencer",
"name": "Codencer",
"description": ""
},
"execution": {
"default_adapter": "codex",
"default_profile": "codex-workspace"
},
"workspace": {
"root": ".",
"forbidden_paths": [".env", ".env.*", ".git", "node_modules", "dist", "build"]
},
"validations": []
}workspace.root and forbidden paths must be relative repository paths. Project config validation rejects absolute paths, URLs, and token-like fields such as token, secret, private_key, daemon_url, relay_url, connector_id, and machine_id.
execution.default_adapter and execution.default_profile define the project
default executor profile. Codencer uses that default unless a run supplies a
task-level override through --profile, Gateway API profile /
adapter_profile, or MCP tool arguments.
Useful commands:
codencer executor list --json
codencer executor scan --json
codencer executor default codex-workspace --repo . --json
codencer submit --project codencer --profile codex-workspace --goal "Run the approved task" --wait --jsoncodencer executor default updates .codencer/project.json and the local
registry entry when the project has already been adopted. It does not create
additional .codencer/ files and does not write executor secrets or local
machine state into the repository.
See Executor Profiles.
Workspace provisioning is opt-in and separate from .codencer/project.json.
Codencer reads native provisioning settings from .codencer/workspace.json when
that file exists, but codencer project init does not create it by default.
Codencer is Grove-compatible. Codencer can read a safe subset of grove.yaml
and .groverc.json. It uses those files only if native
.codencer/workspace.json is absent or incomplete. Native
.codencer/workspace.json has precedence. Codencer does not depend on the Grove
CLI. Codencer does not write Grove state files.
Current Grove-compatible reads are limited to provisioning-oriented fields:
grove.yaml:workspace.setup.copy,workspace.setup.symlinks, andworkspace.hooks.post_create..groverc.json:symlinkandafterCreate.
Codencer merges these as fallbacks only for missing native provisioning fields; it does not treat Grove files as project identity, routing, credential, daemon, Relay, or connector configuration.
Machine-local state stays in $CODENCER_HOME:
$CODENCER_HOME/machine.json: stable localmachine_id, detectedhostname, editablehost_label, OS, arch, timestamps.$CODENCER_HOME/projects.json: local registry with absoluterepo_root, daemon URL, sharing state, relay instance mapping, machine metadata, and project config path.$CODENCER_HOME/runtime/gateway/config.json: local Gateway config with Relay profile URLs and token env/file references.
Use:
codencer machine show --json
codencer machine set-label macbook --jsonhost_label is safe to edit and is used by Relay/MCP as a human-friendly project-location selector. It is not committed.
When .codencer/project.json is missing:
codencer project init --repo . --id codencer --name "Codencer" --jsoncreates .codencer/project.json, validates it, generates or loads machine identity, and creates/updates only the local registry.
When .codencer/project.json already exists, project init validates and adopts it into $CODENCER_HOME/projects.json. It does not overwrite the repo config unless --update-project-config or --force is explicit.
After cloning a repo that already has project config:
codencer project adopt --repo . --jsonrequires .codencer/project.json and updates only local registry state.
Scan is read-only:
codencer project scan --repo . --jsonIt detects common project files and proposes language, package manager, commands, forbidden paths, and project id/name. It does not write files.
Connectors advertise shared projects with location metadata:
project_idproject_namemachine_idhost_labelhostnameinstance_idstatus
Gateway and Relay/MCP project listings return projects with locations[].
Locations include machine and connector identifiers plus safe repo labels/hashes,
never absolute repo paths.
Project execution tools accept optional selectors:
{"project_id": "codencer", "machine_id": "mach_..."}or:
{"project_id": "codencer", "host_label": "macbook"}Resolution order:
machine_idroutes to that online location.host_labelroutes to a matching online location.- A single online location routes automatically.
- Multiple online locations without a selector return
ambiguous_project_locationwithplanner_decision_required: true.
Codencer never randomly chooses among multiple machines for the same project_id.
Gateway adds one more selector layer: if multiple Relay profiles expose the same
project_id, execution must pass relay_profile_id or Gateway returns
ambiguous_relay_profile.