Skip to content
| Marketplace
Sign in
Visual Studio>Tools>Origence Codex
Origence Codex

Origence Codex

Origence

|
3 installs
| (0) | Free
Origence Codex policy registry, knowledge base, and threat model for Visual Studio.
Download

Origence Codex for Visual Studio

Connects Visual Studio to the Origence Codex — live policy enforcement, platform knowledge, and compliance metadata for every repo you open.

The extension is a thin client. It writes the MCP server configuration into your workspace and starts the Origence Codex MCP server, which serves the policy registry, knowledge base, and threat model to whichever AI assistant you're using (Copilot, Claude, Cursor, etc.) over the Model Context Protocol.

What you get

  • Policies sidebar — browse the 78 Origence policies (Tier 0 invariants, Tier 1 standards, Tier 2 guidance) with full rationale, detection rules, and remediation guidance.
  • Knowledge base sidebar — open the platform architecture, security architecture, threat model, integration runbooks, and operational troubleshooting articles directly inside Visual Studio.
  • Threat model viewer — render the Threagile model as interactive diagrams without leaving the IDE.
  • Auto-configuration — on first activation, the extension writes the MCP config entries your AI assistant needs and starts the server. No manual setup.

Requirements

  • Visual Studio 2022 (Community, Professional, or Enterprise), version 17.0 or later.
  • An Origence-issued Azure Artifacts feed access token. The extension auto-downloads the Codex MCP binary from the private feed on first run.
  • An AI assistant that speaks MCP (GitHub Copilot, Claude Code, Cursor, or any other MCP-compatible client).

How it works

Visual Studio
  └── Origence Codex extension (this VSIX — a thin dropper)
        ├── writes %WORKSPACE%/.mcp.json with the Origence Codex server entry
        └── starts %USERPROFILE%/.origence/bin/codex-mcp.exe
              ↑ downloaded from the Origence private Azure Artifacts feed
              ↑ contains the policy registry, knowledge base, threat model
              ↑ exposes them to your AI assistant via MCP

All intellectual property — the policies, knowledge articles, threat model, evaluation engine — lives in the MCP server binary, distributed via the Origence private feed. The VSIX itself contains only the client glue.

Companion products

  • Origence Codex for VS Code — the same experience for VS Code users. Available on the VS Code Marketplace.
  • Origence Codex Python package — for headless use in CI pipelines, pre-commit hooks, and origence-policy CLI invocations. Available on the Origence private Azure Artifacts PyPI feed.

Uninstalling

Visual Studio extensions cannot run code on uninstall (this is a platform limitation — unlike VS Code, which supports an vscode:uninstall hook). To remove all files this extension generates on your machine, run the Origence Codex: Remove Installed Files command BEFORE uninstalling the VSIX:

  1. Tools → Origence Codex: Remove Installed Files
  2. Confirm the prompt.
  3. The command stops the running MCP server, deletes ~/.origence/ (the binary, version marker, port file, archived backups), and removes the origence-codex entry from your current solution's .vscode/mcp.json (other MCP server entries are preserved).
  4. Extensions → Manage Extensions → Installed, find Origence Codex, click Uninstall.

If you uninstall first and forget to run cleanup, you can remove the leftover files manually:

Remove-Item -Recurse -Force $env:USERPROFILE\.origence

And edit each .vscode/mcp.json in your solutions to drop the "origence-codex" entry under "servers".

Smoke validation (install + package load)

Before releasing a new VSIX, run the automated smoke check outside Visual Studio:

powershell -ExecutionPolicy Bypass -File .\scripts\validate-vsix-package-load.ps1 -ForceCloseRunningDevenv

What it validates:

  1. Uninstalls any existing Origence.Codex.VS extension.
  2. Installs the specified VSIX.
  3. Launches Visual Studio with a dedicated /log output file.
  4. Fails if ActivityLog contains OrigenceCodexPackage load failures (CreateInstance failed, package-load dialog signature, or assembly load failures).

This catches install-time/runtime binding issues that unit tests and static VSIX content checks cannot detect.

Support

  • Source code, issues, and contribution guide: dev.azure.com/cudirect/Origence/_git/Origence.Codex
  • Internal Slack: #origence-codex
  • AppSec Lead: Iliana Saer
  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft