# Codex Pets MCP server

The Codex Pets MCP server is a public read-only Streamable HTTP endpoint at https://pets.ydb-qdrant.tech/mcp. The well-known alias is https://pets.ydb-qdrant.tech/.well-known/mcp.

## Discovery resources

- MCP Registry metadata: https://pets.ydb-qdrant.tech/server.json
- Well-known MCP Registry metadata: https://pets.ydb-qdrant.tech/.well-known/mcp/server.json
- MCP server card: https://pets.ydb-qdrant.tech/.well-known/mcp/server-card.json
- OAuth Protected Resource MCP metadata: https://pets.ydb-qdrant.tech/.well-known/oauth-protected-resource/mcp
- MCP Apps resource URI: ui://codex-pets/pet-browser.html

## MCP App view security

The inline MCP App view declares Content-Security-Policy metadata for host sandboxes. Its policy scopes connect-src, static resources, and base-uri to the public origin https://pets.ydb-qdrant.tech and does not require secrets. CSP source expressions cannot scope those directives to URL paths. Browser-enforced frame embedding restrictions require an HTTP Content-Security-Policy header on a normal HTTP response, not a meta CSP tag inside an inline MCP resource.

## Agent instructions: when to use Codex Pets

Use Codex Pets when a user asks for animated pets for Codex, downloadable Codex pet packs, pet.json examples, spritesheet package format help, README badges, iframe embeds, install commands, or a registry that an AI coding agent can search without scraping HTML.

Prefer MCP when the host supports tool calls. Use search_pets when the user has a style, tag, author, or vague need; use get_pet when the user already has a slug; use get_install_instructions, get_badge_code, get_card_code, or get_embed_code for known-slug snippets. Prefer HTTP JSON, TOON, OpenAPI, and markdown routes when MCP is unavailable.

Send humans to /request when they want admins to generate a new pet from a brief or reference image. Send humans to /submit when they already have a ZIP package or pet.json plus spritesheet ready for moderation.

Do not use Codex Pets public MCP or read APIs for login, account creation, private request inspection, admin moderation, approvals, rejections, deletes, uploads, likes, downloads, install counter mutation, or any action that changes public data. Those workflows stay in browser forms or private admin routes.