Add verbose raw MCP logging

Author: xuio

CHANGELOG.md

@@ -5,5 +5,6 @@
 - Initial Claude Code plugin for launching Codex agents through a daemonless stdio MCP server.
 - Added read-only defaults, non-interactive approvals, Codex desktop binary resolution, and per-call `project_dir`.
 - Added explicit full-access mode via `dangerously_bypass_approvals_and_sandbox`.
+- Added verbose default stderr logging for raw MCP JSON-RPC traffic, progress, queue/job/session lifecycle, and Codex process communication.
 - Added single-agent, parallel-agent, Spark preset, and nested Codex subagent support.
 - Added unit, MCP smoke, reliability, runtime, desktop Claude Code, and opt-in live Claude/Codex validation scripts.

README.md

@@ -18,6 +18,7 @@ The plugin lets Claude Code launch one Codex agent or several Codex agents in pa
 - Codex home: uses the user's Codex home by default; pass `isolated_codex_home: true` to use a temporary Codex home with auth but without inherited `config.toml` MCP servers.
 - Concurrency: Codex processes run through a global queue. Defaults are `CODEX_SUBAGENTS_MAX_GLOBAL_PROCESSES=4` and `CODEX_SUBAGENTS_MAX_PROJECT_PROCESSES=2`.
 - Progress: long-running tools emit MCP `notifications/progress` events when the client supplies a progress token.
+- Logging: verbose JSONL logs are written to stderr by default. The logs include raw MCP JSON-RPC frames, tool arguments/results, prompt outputs, progress notifications, queue/job/session lifecycle, and Codex stdin/stdout/stderr traffic.
 - Security: secret-looking output is redacted before it is returned to Claude, and secret-looking environment variables are not forwarded to Codex unless `forward_sensitive_env` is explicitly true.
 - Sessions: `start_session` and `send_session_prompt` use Codex's recorded thread id so a Codex subagent can keep context across multiple prompts without a background daemon.
 
@@ -29,6 +30,8 @@ Optional environment overrides:
 - `CODEX_SUBAGENTS_MAX_GLOBAL_PROCESSES`: maximum Codex child processes across this MCP server.
 - `CODEX_SUBAGENTS_MAX_PROJECT_PROCESSES`: maximum Codex child processes per project key.
 - `CODEX_SUBAGENTS_JOB_TTL_SECONDS`: completed async job retention window. Defaults to one hour.
+- `CODEX_SUBAGENTS_LOG_LEVEL`: `debug`, `info`, `warn`, `error`, or `silent`. Defaults to `debug`.
+- `CODEX_SUBAGENTS_LOG_MAX_STRING_CHARS`: maximum string payload retained per log field before truncation metadata is used. Defaults to `20000`.
 
 ## Spark And Nested Subagents
 

SECURITY.md

@@ -9,6 +9,8 @@ This plugin launches Codex from Claude Code through a local stdio MCP server. Th
 
 Full local access is available only when a tool call explicitly sets `dangerously_bypass_approvals_and_sandbox: true`. That passes Codex's `--dangerously-bypass-approvals-and-sandbox` flag, bypassing all sandboxing and approval prompts for that process. Do not enable it for routine review or exploration.
 
+Verbose stderr logging is enabled by default for debugging Claude Code behavior. These logs intentionally include raw MCP JSON-RPC frames, tool arguments/results, and Codex stdin/stdout/stderr traffic. Treat local logs as sensitive project data; set `CODEX_SUBAGENTS_LOG_LEVEL=silent` to disable logging.
+
 ## Reporting A Vulnerability
 
 Please report security issues through GitHub Security Advisories for this repository. If advisories are not available, open an issue with a minimal description and avoid posting secrets, tokens, private logs, or sensitive project contents.