v1.9.40: add Codex integration — skill setup, deploy, GUI buttons

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.codex/skills/server-manager/SKILL.md

@@ -0,0 +1,88 @@
+---
+name: server-manager
+description: Use ServerManager's shared local server inventory and ssh.py utility to manage configured SSH, Telnet, SQL, Redis, S3/MinIO, Grafana, Prometheus, and WinRM endpoints by alias without exposing credentials. Use when the user asks to operate on servers managed by ServerManager or when editing ServerManager's Claude/Codex integration.
+metadata:
+  short-description: Safe remote ops through ServerManager aliases
+---
+
+# Server Manager
+
+Use this skill for two cases:
+
+1. The user wants work done on a server or service already configured in ServerManager.
+2. The user wants to modify ServerManager's CLI/integration layer so Claude/Codex can use it safely.
+
+## First Step
+
+Before any server operation:
+
+```bash
+$HOME/.server-connections/codex-ssh --list
+```
+
+Read the `Type` column before choosing commands. Do not guess the server type.
+
+If the wrapper is missing, run the doctor script for your platform:
+
+```bash
+$HOME/.codex/skills/server-manager/scripts/server-manager-doctor.sh
+```
+
+On Windows, use:
+
+```bat
+%USERPROFILE%\.codex\skills\server-manager\scripts\server-manager-doctor.cmd
+```
+
+## Hard Rules
+
+- Never read `~/.server-connections/servers.json`, `settings.json`, or `encryption.py` directly.
+- Never use `--list-full`.
+- Never use raw `ssh`, `scp`, `rsync`, `redis-cli`, `mysql`, `psql`, `mc`, `aws s3`, or similar tools unless the user explicitly asks to bypass ServerManager.
+- Maximum one connection attempt per action. If it times out or fails, report it and stop.
+- `ALIAS "command"` is only for `ssh` and `telnet`.
+- `rdp` and `vnc` are GUI-only. Do not invent CLI access.
+- For S3/MinIO, list buckets and paths before upload, delete, or URL generation.
+- Ask for confirmation before destructive actions if the user's intent is not explicit.
+
+## Preferred Entry Points
+
+Use the shared wrapper:
+
+```bash
+$HOME/.server-connections/codex-ssh ...
+```
+
+It delegates to the installed `ssh.py` backend without requiring a `python` alias.
+
+Safe discovery commands:
+
+```bash
+$HOME/.server-connections/codex-ssh --list
+$HOME/.server-connections/codex-ssh --info ALIAS
+$HOME/.server-connections/codex-ssh --status
+```
+
+Read [references/command-matrix.md](references/command-matrix.md) when you need the per-type command matrix.
+
+## Server Operation Workflow
+
+1. Run `--list`.
+2. Match the alias using notes/type, not credentials.
+3. Pick commands strictly from the server type.
+4. Execute exactly one action.
+5. Report the result without exposing IPs, logins, passwords, ports, or secrets.
+
+## Working On ServerManager Itself
+
+Read [references/project.md](references/project.md) before changing integration code.
+
+Source-of-truth files:
+
+- `tools/ssh.py`: local CLI used by Claude/Codex
+- `tools/skill-ssh.md`: current Claude `/ssh` instructions
+- `core/claude_setup.py`: Claude installer logic
+- `build.py`: auto-deploys shared CLI files after build
+- `README.md` and `CLAUDE.md`: project-level rules and architecture
+
+If you change command semantics in `tools/ssh.py`, update the user-facing instructions alongside it.

.codex/skills/server-manager/references/command-matrix.md

@@ -0,0 +1,91 @@
+# Command Matrix
+
+Always identify the server type first with:
+
+```bash
+$HOME/.server-connections/codex-ssh --list
+```
+
+## Type To Command Map
+
+| Type | Use | Do Not Use |
+| --- | --- | --- |
+| `ssh` | `ALIAS "command"`, `--upload`, `--download`, `--ping`, `--install-key` | n/a |
+| `telnet` | `ALIAS "command"` | `--upload`, `--download`, `--install-key` |
+| `mariadb`, `mssql`, `postgresql` | `--sql`, `--sql-databases`, `--sql-tables` | `ALIAS "command"` |
+| `redis` | `--redis`, `--redis-info`, `--redis-keys` | `ALIAS "command"` |
+| `s3` | `--s3-buckets`, `--s3-ls`, `--s3-upload`, `--s3-download`, `--s3-delete`, `--s3-url`, `--s3-create-bucket` | `ALIAS "command"`, SSH/SFTP commands |
+| `grafana` | `--grafana-dashboards`, `--grafana-alerts` | `ALIAS "command"` |
+| `prometheus` | `--prom-query`, `--prom-targets`, `--prom-alerts` | `ALIAS "command"` |
+| `winrm` | `--ps`, `--cmd` | `ALIAS "command"` |
+| `rdp`, `vnc` | GUI only | all CLI actions |
+
+## Common Safe Commands
+
+```bash
+$HOME/.server-connections/codex-ssh --list
+$HOME/.server-connections/codex-ssh --info ALIAS
+$HOME/.server-connections/codex-ssh --status
+$HOME/.server-connections/codex-ssh --set-note ALIAS "description"
+```
+
+## SSH And Telnet
+
+```bash
+$HOME/.server-connections/codex-ssh ALIAS "command"
+$HOME/.server-connections/codex-ssh ALIAS --no-sudo "command"
+$HOME/.server-connections/codex-ssh ALIAS --upload "local" //remote/path
+$HOME/.server-connections/codex-ssh ALIAS --download //remote/path "local"
+$HOME/.server-connections/codex-ssh ALIAS --ping
+```
+
+Use double slashes for remote SSH/SFTP paths when working from Git Bash style environments.
+
+## SQL
+
+```bash
+$HOME/.server-connections/codex-ssh --sql ALIAS "SELECT * FROM table LIMIT 10"
+$HOME/.server-connections/codex-ssh --sql-databases ALIAS
+$HOME/.server-connections/codex-ssh --sql-tables ALIAS [database]
+```
+
+## Redis
+
+```bash
+$HOME/.server-connections/codex-ssh --redis ALIAS "GET key"
+$HOME/.server-connections/codex-ssh --redis-info ALIAS
+$HOME/.server-connections/codex-ssh --redis-keys ALIAS "pattern:*"
+```
+
+## S3 / MinIO
+
+Before modifying objects:
+
+```bash
+$HOME/.server-connections/codex-ssh --s3-buckets ALIAS
+$HOME/.server-connections/codex-ssh --s3-ls ALIAS bucket/prefix/
+```
+
+Then act:
+
+```bash
+$HOME/.server-connections/codex-ssh --s3-upload ALIAS "local" bucket/key
+$HOME/.server-connections/codex-ssh --s3-download ALIAS bucket/key "local"
+$HOME/.server-connections/codex-ssh --s3-delete ALIAS bucket/key
+$HOME/.server-connections/codex-ssh --s3-url ALIAS bucket/key [seconds]
+$HOME/.server-connections/codex-ssh --s3-create-bucket ALIAS bucket-name
+```
+
+Do not treat S3 as a shell filesystem.
+
+## Grafana / Prometheus / WinRM
+
+```bash
+$HOME/.server-connections/codex-ssh --grafana-dashboards ALIAS
+$HOME/.server-connections/codex-ssh --grafana-alerts ALIAS
+$HOME/.server-connections/codex-ssh --prom-query ALIAS "up"
+$HOME/.server-connections/codex-ssh --prom-targets ALIAS
+$HOME/.server-connections/codex-ssh --prom-alerts ALIAS
+$HOME/.server-connections/codex-ssh --ps ALIAS "Get-Process"
+$HOME/.server-connections/codex-ssh --cmd ALIAS "dir"
+```

.codex/skills/server-manager/references/project.md

@@ -0,0 +1,68 @@
+# Project Notes
+
+This skill is based on `/home/code/CODING/server-manager`.
+
+## What ServerManager Is
+
+ServerManager is a cross-platform desktop GUI built with CustomTkinter. It manages multiple remote endpoint types through one local encrypted inventory:
+
+- SSH / Telnet
+- MariaDB / MSSQL / PostgreSQL
+- Redis
+- S3 / MinIO
+- Grafana
+- Prometheus
+- WinRM
+- RDP / VNC launchers
+
+## Core Integration Model
+
+The GUI and CLI share one local backend:
+
+```text
+ServerManager GUI <-> ~/.server-connections/servers.json <-> ~/.server-connections/ssh.py
+```
+
+The AI never needs raw credentials. It only uses aliases and the local CLI.
+
+## Important Files
+
+- `README.md`: product overview and install flow
+- `CLAUDE.md`: project rules, architecture, security, workflow
+- `tools/ssh.py`: CLI entry point used by AI tools
+- `tools/skill-ssh.md`: current Claude `/ssh` instructions
+- `core/claude_setup.py`: installer for shared CLI files, Claude command, and Codex skill
+- `build.py`: auto-deploys `ssh.py`, `encryption.py`, Claude skill, and Codex skill after builds
+
+## Architectural Shape
+
+- `core/server_store.py`: encrypted storage, CRUD, observers, backups
+- `core/connection_factory.py`: type-to-client factory with lazy imports
+- `core/*_client.py`: protocol-specific backends
+- `gui/app.py`: tab registry, conditional tabs by server type
+- `gui/tabs/`: protocol-specific GUI surfaces
+
+## Existing Local Agent Integration
+
+Current setup installs:
+
+- `~/.server-connections/ssh.py`
+- `~/.server-connections/encryption.py`
+- `~/.claude/commands/ssh.md`
+- `~/.codex/skills/server-manager/`
+- `~/.server-connections/codex-ssh` or `codex-ssh.cmd`
+- a `~/.claude/CLAUDE.md` guidance block
+
+The Codex skill mirrors the same safety model:
+
+- use aliases only
+- use the shared local CLI
+- never read credentials directly
+- choose commands by server type
+
+## Local Findings
+
+- `ssh.py` is executable and uses a `python3` shebang, so Codex does not need a `python` alias.
+- `ssh.py` has no `--help`; use `--list`, `--info`, and `--status` for safe discovery.
+- The Unix wrapper path covers both Linux and macOS through `codex-ssh-wrapper.sh`.
+- Windows-native Codex wrapper support exists through `codex-ssh-wrapper.cmd`.

.codex/skills/server-manager/scripts/codex-ssh-wrapper.cmd

@@ -0,0 +1,28 @@
+@echo off
+setlocal
+
+set "SHARED_DIR=%SERVER_MANAGER_SHARED_DIR%"
+if "%SHARED_DIR%"=="" set "SHARED_DIR=%USERPROFILE%\.server-connections"
+set "SSH_SCRIPT=%SHARED_DIR%\ssh.py"
+
+if not exist "%SSH_SCRIPT%" (
+  echo error: missing ssh.py at %SSH_SCRIPT% 1>&2
+  echo hint: install ServerManager shared CLI files first 1>&2
+  exit /b 1
+)
+
+where py >nul 2>&1
+if not errorlevel 1 (
+  py -3 "%SSH_SCRIPT%" %*
+  exit /b %errorlevel%
+)
+
+where python >nul 2>&1
+if not errorlevel 1 (
+  python "%SSH_SCRIPT%" %*
+  exit /b %errorlevel%
+)
+
+echo error: neither py nor python is available in PATH 1>&2
+echo hint: install Python launcher or use ServerManager Setup on a machine with Python present 1>&2
+exit /b 1

.codex/skills/server-manager/scripts/codex-ssh-wrapper.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+shared_dir="${SERVER_MANAGER_SHARED_DIR:-$HOME/.server-connections}"
+ssh_script="${shared_dir}/ssh.py"
+
+if [[ ! -x "$ssh_script" ]]; then
+  echo "error: missing executable ssh.py at ${ssh_script}" >&2
+  echo "hint: install ServerManager's shared CLI files first" >&2
+  exit 1
+fi
+
+exec "$ssh_script" "$@"

.codex/skills/server-manager/scripts/server-manager-doctor.cmd

@@ -0,0 +1,41 @@
+@echo off
+setlocal
+
+set "SHARED_DIR=%SERVER_MANAGER_SHARED_DIR%"
+if "%SHARED_DIR%"=="" set "SHARED_DIR=%USERPROFILE%\.server-connections"
+set "CODEX_HOME=%USERPROFILE%\.codex\skills\server-manager"
+
+set "FAILED=0"
+
+if exist "%SHARED_DIR%\ssh.py" (
+  echo ok: found %SHARED_DIR%\ssh.py
+) else (
+  echo error: missing %SHARED_DIR%\ssh.py 1>&2
+  set "FAILED=1"
+)
+
+if exist "%SHARED_DIR%\encryption.py" (
+  echo ok: found %SHARED_DIR%\encryption.py
+) else (
+  echo error: missing %SHARED_DIR%\encryption.py 1>&2
+  set "FAILED=1"
+)
+
+if exist "%SHARED_DIR%\codex-ssh.cmd" (
+  echo ok: found %SHARED_DIR%\codex-ssh.cmd
+) else (
+  echo error: missing %SHARED_DIR%\codex-ssh.cmd 1>&2
+  set "FAILED=1"
+)
+
+if exist "%CODEX_HOME%\SKILL.md" (
+  echo ok: found %CODEX_HOME%\SKILL.md
+) else (
+  echo error: missing %CODEX_HOME%\SKILL.md 1>&2
+  set "FAILED=1"
+)
+
+if "%FAILED%"=="1" exit /b 1
+
+echo ok: ServerManager Codex integration looks installed
+exit /b 0

.codex/skills/server-manager/scripts/server-manager-doctor.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+shared_dir="${SERVER_MANAGER_SHARED_DIR:-$HOME/.server-connections}"
+ssh_script="${shared_dir}/ssh.py"
+encryption_module="${shared_dir}/encryption.py"
+wrapper="${shared_dir}/codex-ssh"
+
+status=0
+
+check_file() {
+  local path="$1"
+  if [[ -f "$path" ]]; then
+    printf '[ok] file %s\n' "$path"
+  else
+    printf '[missing] file %s\n' "$path" >&2
+    status=1
+  fi
+}
+
+check_exec() {
+  local path="$1"
+  if [[ -x "$path" ]]; then
+    printf '[ok] executable %s\n' "$path"
+  else
+    printf '[missing] executable %s\n' "$path" >&2
+    status=1
+  fi
+}
+
+check_file "$encryption_module"
+check_exec "$ssh_script"
+check_exec "$wrapper"
+
+if [[ -d "/home/code/CODING/server-manager" ]]; then
+  printf '[ok] source repo /home/code/CODING/server-manager\n'
+else
+  printf '[warn] source repo /home/code/CODING/server-manager not found\n'
+fi
+
+exit "$status"