@tarunspandit/codexflow 0.29.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.example.md +18 -0
- package/CHANGELOG.md +311 -0
- package/CHATGPT_PROMPT.md +12 -0
- package/CODEX_PROMPT.md +12 -0
- package/CONTRIBUTING.md +51 -0
- package/DOMAIN_SETUP.md +241 -0
- package/FAQ.md +327 -0
- package/FAQ_ZH.md +279 -0
- package/LICENSE +21 -0
- package/NOTICE +9 -0
- package/PUBLIC_LAUNCH_CHECKLIST.md +111 -0
- package/README.md +287 -0
- package/README_ZH.md +461 -0
- package/SECURITY.md +145 -0
- package/config.example.env +31 -0
- package/dist/analysis/cache.js +27 -0
- package/dist/analysis/cache.js.map +1 -0
- package/dist/analysis/classify.js +102 -0
- package/dist/analysis/classify.js.map +1 -0
- package/dist/analysis/extract.js +139 -0
- package/dist/analysis/extract.js.map +1 -0
- package/dist/analysis/graph.js +22 -0
- package/dist/analysis/graph.js.map +1 -0
- package/dist/analysis/impact.js +167 -0
- package/dist/analysis/impact.js.map +1 -0
- package/dist/analysis/index.js +215 -0
- package/dist/analysis/index.js.map +1 -0
- package/dist/analysis/inventory.js +51 -0
- package/dist/analysis/inventory.js.map +1 -0
- package/dist/analysis/providers.js +24 -0
- package/dist/analysis/providers.js.map +1 -0
- package/dist/analysis/rank.js +27 -0
- package/dist/analysis/rank.js.map +1 -0
- package/dist/analysis/types.js +8 -0
- package/dist/analysis/types.js.map +1 -0
- package/dist/bashOps.js +233 -0
- package/dist/bashOps.js.map +1 -0
- package/dist/capabilitiesOps.js +365 -0
- package/dist/capabilitiesOps.js.map +1 -0
- package/dist/codexSessions.js +379 -0
- package/dist/codexSessions.js.map +1 -0
- package/dist/config.js +289 -0
- package/dist/config.js.map +1 -0
- package/dist/fsOps.js +286 -0
- package/dist/fsOps.js.map +1 -0
- package/dist/gitOps.js +79 -0
- package/dist/gitOps.js.map +1 -0
- package/dist/guard.js +198 -0
- package/dist/guard.js.map +1 -0
- package/dist/http.js +1671 -0
- package/dist/http.js.map +1 -0
- package/dist/proContext.js +274 -0
- package/dist/proContext.js.map +1 -0
- package/dist/profileStore.js +89 -0
- package/dist/profileStore.js.map +1 -0
- package/dist/projectCatalog.js +134 -0
- package/dist/projectCatalog.js.map +1 -0
- package/dist/redact.js +73 -0
- package/dist/redact.js.map +1 -0
- package/dist/searchOps.js +186 -0
- package/dist/searchOps.js.map +1 -0
- package/dist/server.js +2502 -0
- package/dist/server.js.map +1 -0
- package/dist/stdio.js +36 -0
- package/dist/stdio.js.map +1 -0
- package/dist/toolCardWidget.js +1155 -0
- package/dist/toolCardWidget.js.map +1 -0
- package/dist/workspaceOps.js +229 -0
- package/dist/workspaceOps.js.map +1 -0
- package/docs/.nojekyll +1 -0
- package/docs/favicon.svg +5 -0
- package/docs/index.html +638 -0
- package/docs/og.png +0 -0
- package/docs/script.js +80 -0
- package/docs/star.svg +11 -0
- package/docs/styles.css +1229 -0
- package/docs/zh.html +436 -0
- package/package.json +94 -0
- package/scripts/analysis-cli-smoke.mjs +81 -0
- package/scripts/analysis-smoke.mjs +179 -0
- package/scripts/clean.mjs +6 -0
- package/scripts/cli-smoke.mjs +168 -0
- package/scripts/codexflow.mjs +4375 -0
- package/scripts/doctor-smoke.mjs +90 -0
- package/scripts/execute-handoff-smoke.mjs +1110 -0
- package/scripts/http-smoke.mjs +812 -0
- package/scripts/pro-apply.mjs +141 -0
- package/scripts/pro-bundle.mjs +121 -0
- package/scripts/pro-smoke.mjs +95 -0
- package/scripts/settings-smoke.mjs +756 -0
- package/scripts/smoke.mjs +1194 -0
- package/scripts/stress.mjs +835 -0
package/FAQ.md
ADDED
|
@@ -0,0 +1,327 @@
|
|
|
1
|
+
# CodexFlow FAQ
|
|
2
|
+
|
|
3
|
+
## Which ChatGPT account should I use?
|
|
4
|
+
|
|
5
|
+
Use a ChatGPT account with Apps / Developer Mode access. OpenAI currently lists Developer Mode for Pro, Plus, Business, Enterprise, and Education accounts on web.
|
|
6
|
+
|
|
7
|
+
Current testing shows free and Go accounts do not expose the app flow needed for CodexFlow.
|
|
8
|
+
|
|
9
|
+
codexflow does not unlock Developer Mode, unlock models, bypass account limits, or provide account access. It connects to the ChatGPT app surface your account already has.
|
|
10
|
+
|
|
11
|
+
Account access and model tool support are separate. An eligible account can have Apps / Developer Mode, while a specific model surface may still be unable to call connectors or MCP tools directly. If CodexFlow actions are unavailable in that chat, use another tool-capable ChatGPT surface or the Pro context fallback for that session.
|
|
12
|
+
|
|
13
|
+
## How is CodexFlow different from generic workspace bridges?
|
|
14
|
+
|
|
15
|
+
They can look similar at the transport layer because both use a local MCP-style bridge and a workspace root.
|
|
16
|
+
|
|
17
|
+
codexflow is more focused: it is built around one clear product loop for ChatGPT users:
|
|
18
|
+
|
|
19
|
+
```text
|
|
20
|
+
install -> run codexflow -> paste the copied Server URL -> choose a project per ChatGPT conversation
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
The main differences are:
|
|
24
|
+
|
|
25
|
+
- CodexFlow is ChatGPT Developer Mode first, not a generic workspace bridge.
|
|
26
|
+
- Bash, write/edit, tool mode, Codex session reads, and handoff execution are separate safety controls.
|
|
27
|
+
- Durable context is repo-backed through `AGENTS.md` and `.ai-bridge/*`, so important project memory stays reviewable in files.
|
|
28
|
+
- The normal workflow emphasizes compact cards, diffs, `show_changes`, smoke tests, and handoff status files.
|
|
29
|
+
- CodexFlow keeps a strict boundary: no model proxying, account pooling, third-party Pro site scraping, quota bypassing, or OS sandbox claims.
|
|
30
|
+
|
|
31
|
+
codexflow connects ChatGPT to a user-approved local repository over MCP. Repository access, command permissions, and change review remain explicit.
|
|
32
|
+
|
|
33
|
+
## What does Repository Analysis understand?
|
|
34
|
+
|
|
35
|
+
Repository Analysis builds a local repository map from bounded, inspectable evidence:
|
|
36
|
+
|
|
37
|
+
- project and package manifests
|
|
38
|
+
- source/test/config/documentation paths
|
|
39
|
+
- common declarations, imports, includes, and internal module relationships
|
|
40
|
+
- Git changes and existing project verification scripts
|
|
41
|
+
|
|
42
|
+
It supports TypeScript/JavaScript, Python, Go, Rust, Swift, Java, C#, C, and C++ declaration patterns. Unsupported languages still participate in safe inventory and lexical search.
|
|
43
|
+
|
|
44
|
+
Relationships are labeled `exact`, `strong`, or `inferred`. The repository map does not replace a compiler or language server. CodexFlow does not require a language server, daemon, embedding service, or vector database.
|
|
45
|
+
|
|
46
|
+
Analysis is process-local and cached by a bounded workspace fingerprint. Direct CodexFlow writes, edits, and patches invalidate that cache. If limits are reached, results say `partial` and retain normal tree/search/read/review fallback behavior.
|
|
47
|
+
|
|
48
|
+
Set `CODEXFLOW_ANALYSIS=0` to disable this layer while keeping the standard file, search, Git, and review tools available.
|
|
49
|
+
|
|
50
|
+
Terminal users can inspect the same facts without ChatGPT:
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
codexflow inspect --json
|
|
54
|
+
codexflow review --json
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## What is the `codexflow` supertool?
|
|
58
|
+
|
|
59
|
+
Note: this FAQ follows GitHub `main`. Check the npm badge/version before assuming a `main` feature is in `codexflow@latest`.
|
|
60
|
+
|
|
61
|
+
`codexflow` is a stable wrapper tool for advanced setups. It accepts:
|
|
62
|
+
|
|
63
|
+
```json
|
|
64
|
+
{ "action": "search", "args": { "query": "needle", "path": "src" } }
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
Call it with `action=list_actions` to see what the current server mode actually allows. It cannot call tools that are hidden by `--tool-mode`, `--no-bash`, or non-workspace write mode.
|
|
68
|
+
|
|
69
|
+
Use explicit tools such as `read`, `search`, `edit`, `bash`, and `show_changes` for normal work. Use the supertool when ChatGPT connector caching, custom workflows, or stable wrapper-style integrations matter more than separate visible tool descriptors.
|
|
70
|
+
|
|
71
|
+
## What is the recommended install path?
|
|
72
|
+
|
|
73
|
+
Install globally once:
|
|
74
|
+
|
|
75
|
+
```bash
|
|
76
|
+
npm install -g @tarunspandit/codexflow
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
Then run one command from anywhere:
|
|
80
|
+
|
|
81
|
+
```bash
|
|
82
|
+
codexflow
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
CodexFlow discovers local Codex project folders automatically and starts the broker and tunnel.
|
|
86
|
+
|
|
87
|
+
`npx codexflow@latest` still works as a no-install fallback, but the global install is easier for normal users.
|
|
88
|
+
|
|
89
|
+
## What do I enable in ChatGPT?
|
|
90
|
+
|
|
91
|
+
Open ChatGPT and go to:
|
|
92
|
+
|
|
93
|
+
```text
|
|
94
|
+
Settings
|
|
95
|
+
-> Security and login
|
|
96
|
+
-> Developer mode: on
|
|
97
|
+
-> Enforce CSP in developer mode: on
|
|
98
|
+
|
|
99
|
+
Settings
|
|
100
|
+
-> Plugins
|
|
101
|
+
-> Create
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
When creating the plugin:
|
|
105
|
+
|
|
106
|
+
```text
|
|
107
|
+
Name: CodexFlow
|
|
108
|
+
Description: Local workspace bridge for ChatGPT coding
|
|
109
|
+
Connection: Server URL
|
|
110
|
+
Server URL: paste the URL copied by CodexFlow
|
|
111
|
+
Authentication: No Authentication / None
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
The copied Server URL already includes the private CodexFlow token.
|
|
115
|
+
|
|
116
|
+
## Should CSP stay enabled?
|
|
117
|
+
|
|
118
|
+
Yes. Keep Enforce CSP in developer mode enabled.
|
|
119
|
+
|
|
120
|
+
codexflow widgets are built for the CSP-enabled path. They do not need unrestricted network access, external fonts, remote scripts, iframes, or third-party images.
|
|
121
|
+
|
|
122
|
+
## Does CodexFlow bypass rate limits?
|
|
123
|
+
|
|
124
|
+
No.
|
|
125
|
+
|
|
126
|
+
codexflow does not bypass, avoid, increase, pool, resell, or modify ChatGPT, Codex, OpenAI, or third-party model limits. Every request still runs through the user's own ChatGPT session and whatever limits that account has.
|
|
127
|
+
|
|
128
|
+
The useful part is that Codex and ChatGPT are different product surfaces. If one workflow is unavailable and another product surface you already have access to is still available, CodexFlow lets you work against the same local repo without changing either product's limits.
|
|
129
|
+
|
|
130
|
+
## Can CodexFlow use GPT-5.5?
|
|
131
|
+
|
|
132
|
+
Only if your ChatGPT account already exposes that exact model, or a similar stronger model, in the ChatGPT web product surface you are using, and that model surface can call Developer Mode apps.
|
|
133
|
+
|
|
134
|
+
Some GPT-5.5 Pro or other model surfaces may not expose app actions in a given chat. If CodexFlow actions are unavailable there, CodexFlow cannot make that request reach the local server. CodexFlow does not provide, proxy, resell, or unlock models. It gives compatible ChatGPT sessions local repo tools.
|
|
135
|
+
|
|
136
|
+
For models that cannot call tools, generate a repo context bundle instead:
|
|
137
|
+
|
|
138
|
+
```bash
|
|
139
|
+
codexflow pro-bundle --root /path/to/repo --copy
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
## What can ChatGPT see through CodexFlow?
|
|
143
|
+
|
|
144
|
+
ChatGPT can see explicit workspace context exposed by tools:
|
|
145
|
+
|
|
146
|
+
- `AGENTS.md`
|
|
147
|
+
- `.ai-bridge` plans and status files
|
|
148
|
+
- git status
|
|
149
|
+
- git diff
|
|
150
|
+
- selected source files
|
|
151
|
+
- file tree and search results
|
|
152
|
+
|
|
153
|
+
It cannot read hidden Codex runtime memory or anything outside the allowed workspace unless you explicitly allow that root.
|
|
154
|
+
|
|
155
|
+
## What can ChatGPT edit?
|
|
156
|
+
|
|
157
|
+
In normal coding mode, ChatGPT can write and exact-edit files inside the configured workspace.
|
|
158
|
+
|
|
159
|
+
Safety defaults block common sensitive paths:
|
|
160
|
+
|
|
161
|
+
- `.env`
|
|
162
|
+
- private keys
|
|
163
|
+
- `.git`
|
|
164
|
+
- `node_modules`
|
|
165
|
+
- generated build/cache folders
|
|
166
|
+
- symlink escapes
|
|
167
|
+
- paths outside the workspace
|
|
168
|
+
|
|
169
|
+
Use handoff mode if you want ChatGPT to write a plan only and let Codex execute locally. In handoff mode, generic `write` and `edit` tools are not advertised to ChatGPT.
|
|
170
|
+
|
|
171
|
+
Use `CODEXFLOW_WRITE_MODE=off` when you want direct `write` and `edit` tools removed from the advertised MCP tool list while still allowing bounded handoff/context files.
|
|
172
|
+
|
|
173
|
+
## Can CodexFlow bind bash to a specific session id?
|
|
174
|
+
|
|
175
|
+
codexflow cannot attach to, read, or execute inside a specific Codex app conversation or terminal session.
|
|
176
|
+
|
|
177
|
+
The MCP `bash` tool runs from the CodexFlow server process you started for the configured workspace. MCP session ids are HTTP transport state between ChatGPT and CodexFlow; they are not Codex conversation ids.
|
|
178
|
+
|
|
179
|
+
What CodexFlow can do is require a matching local bash session label before it runs shell commands:
|
|
180
|
+
|
|
181
|
+
```bash
|
|
182
|
+
codexflow --bash-session main --require-bash-session
|
|
183
|
+
```
|
|
184
|
+
|
|
185
|
+
Then `bash` calls must include `session_id: "main"`. This helps avoid accidental shell execution in the wrong CodexFlow terminal, but it is not remote control of an existing Codex app chat.
|
|
186
|
+
|
|
187
|
+
codexflow can list local Codex session ids and titles when you explicitly opt in:
|
|
188
|
+
|
|
189
|
+
```bash
|
|
190
|
+
codexflow --codex-sessions metadata
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
This reads local Codex JSONL history under `~/.codex/sessions` and `~/.codex/archived_sessions` and returns metadata plus `codex resume <session-id>` commands. Use `--codex-sessions read` only if you also want bounded transcript reads. It does not attach to a live Codex app conversation.
|
|
194
|
+
|
|
195
|
+
If you do not want ChatGPT to trigger shell commands while you work in Codex, start CodexFlow with bash disabled:
|
|
196
|
+
|
|
197
|
+
```bash
|
|
198
|
+
codexflow --no-bash
|
|
199
|
+
```
|
|
200
|
+
|
|
201
|
+
This removes the `bash` MCP tool from the advertised tool list. ChatGPT can still use non-bash CodexFlow tools such as workspace open, read, search, and show_changes. Direct `write`/`edit` are advertised only in workspace write mode.
|
|
202
|
+
|
|
203
|
+
If you only want ChatGPT to plan and leave execution to Codex or another local agent:
|
|
204
|
+
|
|
205
|
+
```bash
|
|
206
|
+
codexflow --mode handoff --no-bash
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
## Which tunnel should I choose?
|
|
210
|
+
|
|
211
|
+
Use this rule:
|
|
212
|
+
|
|
213
|
+
```text
|
|
214
|
+
Fast demo: Cloudflare quick tunnel
|
|
215
|
+
Recommended stable URL: ngrok free dev domain
|
|
216
|
+
Custom domain: Cloudflare named tunnel
|
|
217
|
+
Tailnet users: Tailscale Funnel
|
|
218
|
+
No public tunnel: local-only mode, only for clients that can reach localhost
|
|
219
|
+
```
|
|
220
|
+
|
|
221
|
+
Cloudflare quick tunnel URLs change on restart. If you put a quick-mode URL into ChatGPT, you must edit the ChatGPT app Server URL every time you restart the tunnel.
|
|
222
|
+
|
|
223
|
+
For most users, the better path is a free ngrok dev domain. Create a free ngrok account, find your assigned dev domain under Universal Gateway -> Domains, and save that hostname during `codexflow`.
|
|
224
|
+
|
|
225
|
+
If you own a domain, use Cloudflare named tunnels and route DNS to a hostname like `codexflow.example.com`.
|
|
226
|
+
|
|
227
|
+
## Why does ChatGPT show “Something went wrong” when I create a connector?
|
|
228
|
+
|
|
229
|
+
Usually ChatGPT could not reach the public MCP URL. A generated `trycloudflare.com` URL is not proof that `cloudflared` stayed connected.
|
|
230
|
+
|
|
231
|
+
Run the connection test:
|
|
232
|
+
|
|
233
|
+
```bash
|
|
234
|
+
codexflow connection-test --root /path/to/repo
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
This keeps `read`, `tree`, `search`, and `load_skill`, but disables file writes,
|
|
238
|
+
bash, and tool cards. In ChatGPT, create the development plugin under
|
|
239
|
+
`Settings -> Plugins`, paste the complete Server URL, and choose
|
|
240
|
+
`No Authentication`.
|
|
241
|
+
|
|
242
|
+
The terminal output separates the failure boundary:
|
|
243
|
+
|
|
244
|
+
- No `POST /mcp received`: the request did not reach CodexFlow. Check the ChatGPT
|
|
245
|
+
Plugins page and the tunnel.
|
|
246
|
+
- `POST /mcp -> 401`: paste the complete URL, including `codexflow_token`.
|
|
247
|
+
- `POST /mcp -> 2xx`: ChatGPT reached CodexFlow and the MCP endpoint responded.
|
|
248
|
+
|
|
249
|
+
Keep CodexFlow running while testing. A Cloudflare quick-tunnel URL changes on
|
|
250
|
+
every restart. If Cloudflare returns `530` / `Error 1033`, check DNS or
|
|
251
|
+
proxy-client DNS handling on the machine running `cloudflared`.
|
|
252
|
+
|
|
253
|
+
ChatGPT now manages development apps under Plugins. The browser error
|
|
254
|
+
`Failed to execute 'removeChild' on 'Node'` occurs in the ChatGPT page, before
|
|
255
|
+
codexflow can handle an MCP request. Remove or recreate the stale plugin entry
|
|
256
|
+
from the Plugins page, then retry with the current URL. CodexFlow cannot repair
|
|
257
|
+
that browser-side entry.
|
|
258
|
+
|
|
259
|
+
Official references:
|
|
260
|
+
|
|
261
|
+
- OpenAI: connect an MCP server to ChatGPT: https://developers.openai.com/apps-sdk/deploy/connect-chatgpt
|
|
262
|
+
- OpenAI: MCP server authentication: https://developers.openai.com/apps-sdk/build/auth
|
|
263
|
+
- ngrok dev domains: https://ngrok.com/docs/universal-gateway/domains
|
|
264
|
+
- Cloudflare Tunnel routing: https://developers.cloudflare.com/tunnel/routing/
|
|
265
|
+
- Cloudflare Tunnel DNS records: https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/routing-to-tunnel/dns/
|
|
266
|
+
|
|
267
|
+
## Can I use the same ChatGPT app URL every day?
|
|
268
|
+
|
|
269
|
+
Yes, if you use a stable hostname.
|
|
270
|
+
|
|
271
|
+
Recommended simple path:
|
|
272
|
+
|
|
273
|
+
```bash
|
|
274
|
+
codexflow
|
|
275
|
+
# choose ngrok
|
|
276
|
+
# enter your ngrok free dev domain
|
|
277
|
+
```
|
|
278
|
+
|
|
279
|
+
After that:
|
|
280
|
+
|
|
281
|
+
```bash
|
|
282
|
+
codexflow
|
|
283
|
+
```
|
|
284
|
+
|
|
285
|
+
The same hostname and CodexFlow token are reused for that workspace.
|
|
286
|
+
|
|
287
|
+
## What if I want to work in two repos at once?
|
|
288
|
+
|
|
289
|
+
Run one CodexFlow process. Open two ChatGPT conversations and choose a different project in each picker. Both chats share the same broker and tunnel while keeping independent project bindings.
|
|
290
|
+
|
|
291
|
+
## Where are the current docs?
|
|
292
|
+
|
|
293
|
+
Use the [CodexFlow website](https://tarunspandit.github.io/codexflow/), the [GitHub repository](https://github.com/tarunspandit/codexflow), or the documentation shipped in the npm package.
|
|
294
|
+
|
|
295
|
+
## Is CodexFlow production safe?
|
|
296
|
+
|
|
297
|
+
codexflow is a local developer bridge, not an OS sandbox.
|
|
298
|
+
|
|
299
|
+
Use it with repos you trust. Keep token auth enabled for public tunnels. Keep safe bash on unless you know why you need full bash. Read [SECURITY.md](SECURITY.md) before exposing it through a public tunnel.
|
|
300
|
+
|
|
301
|
+
## Where are saved settings stored?
|
|
302
|
+
|
|
303
|
+
codexflow stores local state under `~/.codexflow` by default. On Windows that is usually `C:\Users\<you>\.codexflow`.
|
|
304
|
+
|
|
305
|
+
Workspace profiles are JSON files saved under:
|
|
306
|
+
|
|
307
|
+
```text
|
|
308
|
+
~/.codexflow/profiles/
|
|
309
|
+
```
|
|
310
|
+
|
|
311
|
+
Current runtime connection files are saved under:
|
|
312
|
+
|
|
313
|
+
```text
|
|
314
|
+
~/.codexflow/runtime/
|
|
315
|
+
```
|
|
316
|
+
|
|
317
|
+
Set `CODEXFLOW_HOME` to move this directory.
|
|
318
|
+
|
|
319
|
+
Use:
|
|
320
|
+
|
|
321
|
+
```bash
|
|
322
|
+
codexflow settings
|
|
323
|
+
codexflow settings list
|
|
324
|
+
codexflow settings delete --yes
|
|
325
|
+
```
|
|
326
|
+
|
|
327
|
+
Saved tokens are redacted when profiles are displayed.
|
package/FAQ_ZH.md
ADDED
|
@@ -0,0 +1,279 @@
|
|
|
1
|
+
# CodexFlow 中文 FAQ
|
|
2
|
+
|
|
3
|
+
## 我应该用什么 ChatGPT 账号?
|
|
4
|
+
|
|
5
|
+
使用能访问 Apps / Developer Mode 的 ChatGPT 账号。OpenAI 当前文档列出的 web 端 Developer Mode 账号范围包括 Pro、Plus、Business、Enterprise 和 Education。
|
|
6
|
+
|
|
7
|
+
当前测试显示,Free / Go 账号不暴露 CodexFlow 需要的 App 创建流程。
|
|
8
|
+
|
|
9
|
+
codexflow 不解锁 Developer Mode,不解锁模型,不绕过账号限制,也不提供账号访问。它只连接你自己的 ChatGPT App 界面和你自己的本地仓库。
|
|
10
|
+
|
|
11
|
+
## 推荐安装方式是什么?
|
|
12
|
+
|
|
13
|
+
注意:这个 FAQ 跟随 GitHub `main`。假设某个 `main` 功能已经进入 `codexflow@latest` 前,请先看 npm badge/version。
|
|
14
|
+
|
|
15
|
+
全局安装一次:
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
npm install -g @tarunspandit/codexflow
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
然后从任何目录运行唯一命令:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
codexflow
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
CodexFlow 会自动发现本机 Codex 使用过的项目,并启动 broker 和 tunnel。
|
|
28
|
+
|
|
29
|
+
`npx codexflow@latest` 仍然可用,但普通用户更容易理解全局安装。
|
|
30
|
+
|
|
31
|
+
## ChatGPT 里要打开什么设置?
|
|
32
|
+
|
|
33
|
+
在 ChatGPT 中打开:
|
|
34
|
+
|
|
35
|
+
```text
|
|
36
|
+
Settings
|
|
37
|
+
-> Security and login
|
|
38
|
+
-> Developer mode: on
|
|
39
|
+
-> Enforce CSP in developer mode: on
|
|
40
|
+
|
|
41
|
+
Settings
|
|
42
|
+
-> Plugins
|
|
43
|
+
-> Create
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
创建 Plugin 时填写:
|
|
47
|
+
|
|
48
|
+
```text
|
|
49
|
+
Name: CodexFlow
|
|
50
|
+
Description: Local workspace bridge for ChatGPT coding
|
|
51
|
+
Connection: Server URL
|
|
52
|
+
Server URL: 粘贴 CodexFlow 复制的 URL
|
|
53
|
+
Authentication: No Authentication / None
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
复制的 Server URL 已经包含私有 CodexFlow token。
|
|
57
|
+
|
|
58
|
+
## CSP 要保持开启吗?
|
|
59
|
+
|
|
60
|
+
要保持开启。
|
|
61
|
+
|
|
62
|
+
codexflow 的小组件按 CSP 开启的路径构建。它不需要远程脚本、外部字体、iframe、第三方图片或任意外部请求。
|
|
63
|
+
|
|
64
|
+
## CodexFlow 会绕过速率限制吗?
|
|
65
|
+
|
|
66
|
+
不会。
|
|
67
|
+
|
|
68
|
+
codexflow 不绕过、不提升、不合并、不转售、不修改 ChatGPT、Codex、OpenAI 或第三方模型限制。所有请求仍然通过你自己的 ChatGPT 会话,并受该账号当前限制约束。
|
|
69
|
+
|
|
70
|
+
它的价值在于 ChatGPT 和 Codex 是不同产品界面。某个工作流暂时不可用时,如果另一个你本来就有权限的界面仍可用,CodexFlow 可以让它继续操作同一个本地仓库。
|
|
71
|
+
|
|
72
|
+
## CodexFlow 可以使用 GPT-5.5 吗?
|
|
73
|
+
|
|
74
|
+
前提是你的 ChatGPT 账号已经在 Web 产品里提供这个模型或同级更强模型,并且该模型界面可以调用 Developer Mode Apps。
|
|
75
|
+
|
|
76
|
+
codexflow 不提供、不代理、不转售、也不解锁模型。它只给兼容的 ChatGPT 会话提供本地仓库工具。
|
|
77
|
+
|
|
78
|
+
如果某个模型不能直接调用工具,用上下文包回退:
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
codexflow pro-bundle --root /path/to/repo --copy
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
然后把生成的 `.ai-bridge/pro-context.md` 粘贴给该模型,让它做规划,再用本地执行器执行。
|
|
85
|
+
|
|
86
|
+
## 为什么 Pro 账号也可能连不上某个模型?
|
|
87
|
+
|
|
88
|
+
账号权限和模型工具能力是两回事。
|
|
89
|
+
|
|
90
|
+
Plus / Pro 可以暴露 Apps / Developer Mode,但某个具体模型界面仍然可能不能调用连接器或 MCP 工具。遇到这种情况时,用 `codexflow pro-bundle --copy` 导出上下文,再把计划交给本地代理执行。
|
|
91
|
+
|
|
92
|
+
## ChatGPT 能通过 CodexFlow 看到什么?
|
|
93
|
+
|
|
94
|
+
ChatGPT 能看到工具显式暴露的工作区内容:
|
|
95
|
+
|
|
96
|
+
- `AGENTS.md`
|
|
97
|
+
- `.ai-bridge` 计划、状态、执行记录
|
|
98
|
+
- git status
|
|
99
|
+
- git diff
|
|
100
|
+
- 文件树和搜索结果
|
|
101
|
+
- 你让它读取的源码文件
|
|
102
|
+
|
|
103
|
+
它不能读取 Codex 的隐藏运行时记忆,也不能读取工作区外的文件,除非你明确允许额外 root。
|
|
104
|
+
|
|
105
|
+
## ChatGPT 可以编辑什么?
|
|
106
|
+
|
|
107
|
+
Normal coding 模式下,ChatGPT 可以在配置的工作区内写入和精确编辑文件。
|
|
108
|
+
|
|
109
|
+
默认会阻止:
|
|
110
|
+
|
|
111
|
+
- `.env`
|
|
112
|
+
- 私钥
|
|
113
|
+
- `.git`
|
|
114
|
+
- `node_modules`
|
|
115
|
+
- 生成目录和缓存目录
|
|
116
|
+
- symlink 逃逸
|
|
117
|
+
- 工作区外路径
|
|
118
|
+
|
|
119
|
+
如果你只想让 ChatGPT 规划,不想让它直接改源码,用 handoff 模式。
|
|
120
|
+
|
|
121
|
+
## CodexFlow 能把 bash 绑定到某个会话 id 吗?
|
|
122
|
+
|
|
123
|
+
codexflow 不能附加到、读取或复用某一个 Codex App 聊天会话或终端会话。
|
|
124
|
+
|
|
125
|
+
MCP 的 `bash` 工具是在你启动的 CodexFlow 本地服务器进程里,针对配置的 workspace root 执行。MCP session id 只是 ChatGPT 和 CodexFlow HTTP 服务器之间的传输状态,不是 Codex 会话 id。
|
|
126
|
+
|
|
127
|
+
但 CodexFlow 可以要求 bash 调用带上匹配的本地 session 标签:
|
|
128
|
+
|
|
129
|
+
```bash
|
|
130
|
+
codexflow --bash-session main --require-bash-session
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
之后 `bash` 调用必须包含 `session_id: "main"`。这能避免误触发到错误的 CodexFlow 终端,但不是远程控制某个已有的 Codex App 聊天。
|
|
134
|
+
|
|
135
|
+
如果你显式开启,CodexFlow 可以列出本地 Codex session id 和标题:
|
|
136
|
+
|
|
137
|
+
```bash
|
|
138
|
+
codexflow --tool-mode full --codex-sessions metadata
|
|
139
|
+
```
|
|
140
|
+
|
|
141
|
+
它会读取 `~/.codex/sessions` 和 `~/.codex/archived_sessions` 下的本地 Codex JSONL 历史,返回 metadata 和 `codex resume <session-id>` 命令。只有需要有限长度 transcript 读取时才使用 `--codex-sessions read`。它不会附加到正在运行的 Codex App 聊天。
|
|
142
|
+
|
|
143
|
+
如果你正在 Codex 里工作,不希望 ChatGPT 触发 shell 命令,可以关闭 bash:
|
|
144
|
+
|
|
145
|
+
```bash
|
|
146
|
+
codexflow --no-bash
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
如果只想让 ChatGPT 写计划,由 Codex 或其他本地 agent 执行:
|
|
150
|
+
|
|
151
|
+
```bash
|
|
152
|
+
codexflow --mode handoff --no-bash
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
## 选择哪种 tunnel?
|
|
156
|
+
|
|
157
|
+
按这个规则选:
|
|
158
|
+
|
|
159
|
+
```text
|
|
160
|
+
快速 demo: Cloudflare quick tunnel
|
|
161
|
+
推荐稳定 URL: ngrok free dev domain
|
|
162
|
+
自定义域名: Cloudflare named tunnel
|
|
163
|
+
Tailnet 用户: Tailscale Funnel
|
|
164
|
+
无公网 URL: local-only,只适合能访问 localhost 的 MCP 客户端
|
|
165
|
+
```
|
|
166
|
+
|
|
167
|
+
Cloudflare quick tunnel 每次重启 URL 都变。把 quick URL 填到 ChatGPT 后,每次重启都要改 ChatGPT App 的 Server URL。
|
|
168
|
+
|
|
169
|
+
大多数用户建议用 ngrok free dev domain。创建免费 ngrok 账号,在 Universal Gateway -> Domains 找到分配给你的 dev domain,并在 `codexflow` 里保存。
|
|
170
|
+
|
|
171
|
+
如果你有自己的域名,用 Cloudflare named tunnel,把 DNS 路由到例如 `codexflow.example.com` 的主机名。
|
|
172
|
+
|
|
173
|
+
## ChatGPT 创建 connector 时显示 “Something went wrong” 怎么办?
|
|
174
|
+
|
|
175
|
+
通常是 ChatGPT 无法访问公网 MCP URL。生成 `trycloudflare.com` URL 不代表 `cloudflared` 一直连通。
|
|
176
|
+
|
|
177
|
+
运行连接测试:
|
|
178
|
+
|
|
179
|
+
```bash
|
|
180
|
+
codexflow connection-test --root /path/to/repo
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
这个模式保留 `read`、`tree`、`search` 和 `load_skill`,关闭文件写入、bash
|
|
184
|
+
和 tool cards,并记录请求是否到达本地 MCP endpoint。在 ChatGPT 的
|
|
185
|
+
`Settings -> Plugins` 创建 development plugin,粘贴完整 Server URL,
|
|
186
|
+
Authentication 选择 `No Authentication`。
|
|
187
|
+
|
|
188
|
+
- 没有 `POST /mcp received`:请求没有到达 CodexFlow,检查 ChatGPT Plugins 页面和 tunnel。
|
|
189
|
+
- `POST /mcp -> 401`:请粘贴包含 `codexflow_token` 的完整 URL。
|
|
190
|
+
- `POST /mcp -> 2xx`:ChatGPT 已到达 CodexFlow,MCP endpoint 也已响应。
|
|
191
|
+
|
|
192
|
+
测试期间保持 CodexFlow 运行。Cloudflare quick tunnel 每次重启都会更换 URL。
|
|
193
|
+
如果 Cloudflare 返回 `530` / `Error 1033`,检查运行 `cloudflared` 的机器上的
|
|
194
|
+
DNS 或代理客户端 DNS 设置。
|
|
195
|
+
|
|
196
|
+
ChatGPT 现在在 Plugins 中管理 development app。浏览器错误
|
|
197
|
+
`Failed to execute 'removeChild' on 'Node'` 发生在 ChatGPT 页面中,早于任何
|
|
198
|
+
codexflow MCP 请求。请在 Plugins 页面删除或重建旧条目,再使用当前 URL 重试;
|
|
199
|
+
codexflow 无法修复浏览器端的旧条目。
|
|
200
|
+
|
|
201
|
+
## 能每天使用同一个 ChatGPT App URL 吗?
|
|
202
|
+
|
|
203
|
+
可以,前提是使用稳定 hostname。
|
|
204
|
+
|
|
205
|
+
推荐简单路径:
|
|
206
|
+
|
|
207
|
+
```bash
|
|
208
|
+
codexflow
|
|
209
|
+
# 选择 ngrok
|
|
210
|
+
# 输入你的 ngrok free dev domain
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
之后:
|
|
214
|
+
|
|
215
|
+
```bash
|
|
216
|
+
codexflow
|
|
217
|
+
```
|
|
218
|
+
|
|
219
|
+
同一个 hostname 和 CodexFlow token 会被当前工作区复用。
|
|
220
|
+
|
|
221
|
+
## quick mode 为什么每次都要改 URL?
|
|
222
|
+
|
|
223
|
+
Cloudflare quick tunnel 是一次性的临时地址。每次重新启动 tunnel,Cloudflare 会分配一个新的 `trycloudflare.com` URL。
|
|
224
|
+
|
|
225
|
+
如果你不想改 ChatGPT 设置,用 ngrok free dev domain 或 Cloudflare named tunnel。
|
|
226
|
+
|
|
227
|
+
## 同时处理两个仓库怎么办?
|
|
228
|
+
|
|
229
|
+
只运行一个 CodexFlow。打开两个 ChatGPT 对话,在各自的项目选择器中选择不同仓库;它们共享同一个 broker/tunnel,但项目绑定彼此独立。
|
|
230
|
+
|
|
231
|
+
## 最新文档在哪里?
|
|
232
|
+
|
|
233
|
+
请使用 [CodexFlow 网站](https://tarunspandit.github.io/codexflow/zh.html)、[GitHub 仓库](https://github.com/tarunspandit/codexflow) 或 npm 包内附带的文档。
|
|
234
|
+
|
|
235
|
+
## CodexFlow 是否违反服务条款?
|
|
236
|
+
|
|
237
|
+
codexflow 使用 ChatGPT 的官方 Developer Mode / MCP App 接入路径,让你自己的 ChatGPT 会话连接到你自己的本地工具。
|
|
238
|
+
|
|
239
|
+
它不绕过限制,不抓取隐藏接口,不共享账号,不转售模型,不伪造请求来源,也不把第三方模型包装成别的模型。
|
|
240
|
+
|
|
241
|
+
用户仍然需要遵守 ChatGPT、Codex、OpenAI 和任何第三方服务的条款。
|
|
242
|
+
|
|
243
|
+
## CodexFlow 生产环境安全吗?
|
|
244
|
+
|
|
245
|
+
codexflow 是本地开发桥,不是操作系统级沙箱。
|
|
246
|
+
|
|
247
|
+
只在你信任的仓库里使用。公网 tunnel 保持 token auth 开启。保持 safe bash,除非你明确知道为什么需要 full bash。公网暴露前先读 [SECURITY.md](SECURITY.md)。
|
|
248
|
+
|
|
249
|
+
## 保存的设置在哪里?
|
|
250
|
+
|
|
251
|
+
工作区配置保存在:
|
|
252
|
+
|
|
253
|
+
```text
|
|
254
|
+
~/.codexflow/profiles/
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
管理命令:
|
|
258
|
+
|
|
259
|
+
```bash
|
|
260
|
+
codexflow settings
|
|
261
|
+
codexflow settings list
|
|
262
|
+
codexflow settings delete --yes
|
|
263
|
+
```
|
|
264
|
+
|
|
265
|
+
显示设置时,保存的 token 会被打码。
|
|
266
|
+
|
|
267
|
+
## CodexFlow 能帮助 ChatGPT 维持上下文吗?
|
|
268
|
+
|
|
269
|
+
可以帮助,但方式是显式文件和上下文包,不是隐藏记忆。
|
|
270
|
+
|
|
271
|
+
推荐使用:
|
|
272
|
+
|
|
273
|
+
- `AGENTS.md` 写项目规则。
|
|
274
|
+
- `.ai-bridge/decisions.md` 写关键决策。
|
|
275
|
+
- `.ai-bridge/current-plan.md` 写当前计划。
|
|
276
|
+
- `.ai-bridge/agent-status.md` 写本地执行结果。
|
|
277
|
+
- `codexflow pro-bundle --copy` 给不能调用工具的模型生成上下文包。
|
|
278
|
+
|
|
279
|
+
这样 ChatGPT 断线、换模型或换会话后,仍然可以通过文件恢复上下文。
|
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 CodexFlow contributors
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/NOTICE
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
CodexFlow trademark notice
|
|
2
|
+
|
|
3
|
+
CodexFlow is an independent open-source project. It is not affiliated with,
|
|
4
|
+
endorsed by, sponsored by, or otherwise officially connected with OpenAI.
|
|
5
|
+
|
|
6
|
+
Codex, ChatGPT, OpenAI, and related names and marks are the property of their
|
|
7
|
+
respective owner. References in this software and its documentation are used
|
|
8
|
+
only to describe compatibility, interoperability, and the source of optional
|
|
9
|
+
local project metadata.
|