@tarunspandit/codexflow 0.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (92) hide show
  1. package/AGENTS.example.md +18 -0
  2. package/CHANGELOG.md +311 -0
  3. package/CHATGPT_PROMPT.md +12 -0
  4. package/CODEX_PROMPT.md +12 -0
  5. package/CONTRIBUTING.md +51 -0
  6. package/DOMAIN_SETUP.md +241 -0
  7. package/FAQ.md +327 -0
  8. package/FAQ_ZH.md +279 -0
  9. package/LICENSE +21 -0
  10. package/NOTICE +9 -0
  11. package/PUBLIC_LAUNCH_CHECKLIST.md +111 -0
  12. package/README.md +287 -0
  13. package/README_ZH.md +461 -0
  14. package/SECURITY.md +145 -0
  15. package/config.example.env +31 -0
  16. package/dist/analysis/cache.js +27 -0
  17. package/dist/analysis/cache.js.map +1 -0
  18. package/dist/analysis/classify.js +102 -0
  19. package/dist/analysis/classify.js.map +1 -0
  20. package/dist/analysis/extract.js +139 -0
  21. package/dist/analysis/extract.js.map +1 -0
  22. package/dist/analysis/graph.js +22 -0
  23. package/dist/analysis/graph.js.map +1 -0
  24. package/dist/analysis/impact.js +167 -0
  25. package/dist/analysis/impact.js.map +1 -0
  26. package/dist/analysis/index.js +215 -0
  27. package/dist/analysis/index.js.map +1 -0
  28. package/dist/analysis/inventory.js +51 -0
  29. package/dist/analysis/inventory.js.map +1 -0
  30. package/dist/analysis/providers.js +24 -0
  31. package/dist/analysis/providers.js.map +1 -0
  32. package/dist/analysis/rank.js +27 -0
  33. package/dist/analysis/rank.js.map +1 -0
  34. package/dist/analysis/types.js +8 -0
  35. package/dist/analysis/types.js.map +1 -0
  36. package/dist/bashOps.js +233 -0
  37. package/dist/bashOps.js.map +1 -0
  38. package/dist/capabilitiesOps.js +365 -0
  39. package/dist/capabilitiesOps.js.map +1 -0
  40. package/dist/codexSessions.js +379 -0
  41. package/dist/codexSessions.js.map +1 -0
  42. package/dist/config.js +289 -0
  43. package/dist/config.js.map +1 -0
  44. package/dist/fsOps.js +286 -0
  45. package/dist/fsOps.js.map +1 -0
  46. package/dist/gitOps.js +79 -0
  47. package/dist/gitOps.js.map +1 -0
  48. package/dist/guard.js +198 -0
  49. package/dist/guard.js.map +1 -0
  50. package/dist/http.js +1671 -0
  51. package/dist/http.js.map +1 -0
  52. package/dist/proContext.js +274 -0
  53. package/dist/proContext.js.map +1 -0
  54. package/dist/profileStore.js +89 -0
  55. package/dist/profileStore.js.map +1 -0
  56. package/dist/projectCatalog.js +134 -0
  57. package/dist/projectCatalog.js.map +1 -0
  58. package/dist/redact.js +73 -0
  59. package/dist/redact.js.map +1 -0
  60. package/dist/searchOps.js +186 -0
  61. package/dist/searchOps.js.map +1 -0
  62. package/dist/server.js +2502 -0
  63. package/dist/server.js.map +1 -0
  64. package/dist/stdio.js +36 -0
  65. package/dist/stdio.js.map +1 -0
  66. package/dist/toolCardWidget.js +1155 -0
  67. package/dist/toolCardWidget.js.map +1 -0
  68. package/dist/workspaceOps.js +229 -0
  69. package/dist/workspaceOps.js.map +1 -0
  70. package/docs/.nojekyll +1 -0
  71. package/docs/favicon.svg +5 -0
  72. package/docs/index.html +638 -0
  73. package/docs/og.png +0 -0
  74. package/docs/script.js +80 -0
  75. package/docs/star.svg +11 -0
  76. package/docs/styles.css +1229 -0
  77. package/docs/zh.html +436 -0
  78. package/package.json +94 -0
  79. package/scripts/analysis-cli-smoke.mjs +81 -0
  80. package/scripts/analysis-smoke.mjs +179 -0
  81. package/scripts/clean.mjs +6 -0
  82. package/scripts/cli-smoke.mjs +168 -0
  83. package/scripts/codexflow.mjs +4375 -0
  84. package/scripts/doctor-smoke.mjs +90 -0
  85. package/scripts/execute-handoff-smoke.mjs +1110 -0
  86. package/scripts/http-smoke.mjs +812 -0
  87. package/scripts/pro-apply.mjs +141 -0
  88. package/scripts/pro-bundle.mjs +121 -0
  89. package/scripts/pro-smoke.mjs +95 -0
  90. package/scripts/settings-smoke.mjs +756 -0
  91. package/scripts/smoke.mjs +1194 -0
  92. package/scripts/stress.mjs +835 -0
package/README_ZH.md ADDED
@@ -0,0 +1,461 @@
1
+ <p align="center">
2
+ <a href="https://tarunspandit.github.io/codexflow/zh.html"><img src="docs/og.png" width="900" alt="CodexFlow — 一条命令,所有项目,任何对话"></a>
3
+ </p>
4
+
5
+ <h1 align="center">CodexFlow</h1>
6
+
7
+ <p align="center">
8
+ 让 ChatGPT Web 看见你的本地仓库,并像本地代码代理一样工作。
9
+ </p>
10
+
11
+ <p align="center">
12
+ <a href="https://www.npmjs.com/package/@tarunspandit/codexflow"><img alt="npm" src="https://img.shields.io/npm/v/@tarunspandit/codexflow?style=flat-square"></a>
13
+ <a href="https://github.com/tarunspandit/codexflow/actions"><img alt="CI" src="https://img.shields.io/github/actions/workflow/status/tarunspandit/codexflow/ci.yml?branch=main&style=flat-square"></a>
14
+ <a href="https://github.com/tarunspandit/codexflow/blob/main/LICENSE"><img alt="License" src="https://img.shields.io/github/license/tarunspandit/codexflow?style=flat-square"></a>
15
+ </p>
16
+
17
+ CodexFlow 是独立开源项目,与 OpenAI 没有隶属、合作、赞助或官方背书关系。文中提到 Codex、ChatGPT 和 OpenAI 仅用于说明兼容性;相关名称和商标归其各自权利人所有。
18
+
19
+ <p align="center">
20
+ <a href="README.md">English</a>
21
+ ·
22
+ <a href="https://github.com/tarunspandit/codexflow">GitHub 点星</a>
23
+ ·
24
+ <a href="https://www.npmjs.com/package/@tarunspandit/codexflow">npm</a>
25
+ ·
26
+ <a href="DOMAIN_SETUP.md">稳定 URL 指南</a>
27
+ ·
28
+ <a href="FAQ_ZH.md">中文 FAQ</a>
29
+ ·
30
+ <a href="SECURITY.md">安全说明</a>
31
+ </p>
32
+
33
+ ## 安装
34
+
35
+ codexflow 需要 Node.js 20+,以及能使用 Apps / Developer Mode 的 ChatGPT 账号。OpenAI 当前文档列出的 web 端 Developer Mode 账号范围包括 Pro、Plus、Business、Enterprise 和 Education。
36
+
37
+ 先安装 CLI:
38
+
39
+ ```bash
40
+ npm install -g @tarunspandit/codexflow
41
+ ```
42
+
43
+ GitHub `main` 文档可能早于 npm 发布;用 `npm install -g @tarunspandit/codexflow` 前请看 npm badge/version,未发布的 `main` 行为请用下面的 source checkout 方式。
44
+
45
+ 然后在任何目录运行唯一的启动命令:
46
+
47
+ ```bash
48
+ codexflow
49
+ ```
50
+
51
+ codexflow 会从本机 Codex metadata 自动发现所有项目,启动 broker 和 Cloudflare tunnel,并复制 ChatGPT Server URL。先到 `Settings -> Security and login` 打开 Developer mode,再到 `Settings -> Plugins` 创建连接,粘贴这个 URL,并选择 `Authentication: No Authentication / None`。
52
+
53
+ codexflow 把 ChatGPT Developer Mode 变成本地仓库的 MCP 代码代理。ChatGPT 可以读取文件、搜索代码、查看 git 状态、写入或精确编辑文件,并运行安全范围内的验证命令。
54
+
55
+ codexflow 不是速率限制绕过工具。它不会绕过、提升、合并、转售或修改 ChatGPT、Codex、OpenAI 或第三方模型的限制。它只是通过官方 Developer Mode / MCP App 路径,把你自己的 ChatGPT 会话连接到你自己的本地仓库。
56
+
57
+ 如果 Codex 当前工作流暂时不可用,而你的 ChatGPT 页面仍然可用,CodexFlow 可以让你继续在同一个本地仓库上工作。反过来也一样:ChatGPT 负责高上下文规划,Codex、OpenCode、Pi 或其他本地执行器负责终端里的实际执行。
58
+
59
+ ## 适合谁
60
+
61
+ codexflow 适合已经有 ChatGPT Apps / Developer Mode 权限并希望做本地开发的人:
62
+
63
+ - 想让 ChatGPT Web 直接读取本地代码,而不是反复复制文件片段。
64
+ - 想把 `AGENTS.md`、`.ai-bridge`、git diff、源码文件这些 Codex 风格上下文给 ChatGPT。
65
+ - 想在 ChatGPT 里完成规划、审查、改小文件、跑安全验证。
66
+ - 想在某些模型不能调用工具时,导出一个持久上下文包给它做规划。
67
+ - 想把 ChatGPT 的计划交给 Codex、OpenCode、Pi 或自定义本地代理执行。
68
+
69
+ 当前测试显示,ChatGPT Free / Go 账号不暴露 CodexFlow 需要的 Apps / Developer Mode 创建流程。请使用 ChatGPT 中能看到 Apps / Developer Mode 的账号层级。
70
+
71
+ ## 它能做什么
72
+
73
+ ```text
74
+ ChatGPT Web 可以看到:
75
+ AGENTS.md
76
+ .ai-bridge 计划、状态和执行记录
77
+ git status
78
+ show_changes 审查摘要和可选 diff
79
+ 文件树、搜索结果、指定源码文件
80
+
81
+ ChatGPT Web 可以操作:
82
+ read 读取文件
83
+ search 搜索代码
84
+ write 在工作区内写文件
85
+ edit 精确替换文本
86
+ bash 运行安全验证命令
87
+ show_changes 查看当前改动摘要
88
+
89
+ 本地执行器仍然有价值:
90
+ Codex / OpenCode / Pi 执行计划
91
+ 终端重任务留在本地
92
+ ChatGPT 回看执行结果和 diff
93
+ ```
94
+
95
+ 默认 `CODEXFLOW_TOOL_MODE=standard`,只暴露常用编码循环、`codexflow_self_test`、`show_changes`、上下文导出和 handoff。演示时可以用 `--tool-mode minimal`,需要完整兼容工具时用 `--tool-mode full`。
96
+
97
+ 默认工具数量较少是故意的:ChatGPT 面对少量高信号工具时更稳定。workspace open 默认不做 skill discovery;需要 repo-local skills 时传 `include_skills=true`,需要 user/plugin skills 时再加 `include_global_skills=true`。然后用 `load_skill` 按名称、source 和显示出的 path 加载需要的 `SKILL.md`;如果仍有重名匹配,CodexFlow 会报歧义错误,不会随便选一个,也不会把几十个 skill 变成单独 action。
98
+
99
+ codexflow 默认给 ChatGPT 暴露纯 MCP 工具描述,不附带 widget/card metadata。需要紧凑 v9 卡片时用 `CODEXFLOW_TOOL_CARDS=1` 启动;server config、自测、workspace 摘要、读写 diff、bash 验证、git/tree/search/context 和 handoff/export 都有结构化视图。git、skills、tree、terminal 输出、context 和 raw diff 会折叠或截断,避免在聊天里刷出大段原始数据。`CODEXFLOW_WIDGET_DOMAIN` 用于设置 ChatGPT widget iframe 的专用 HTTPS origin,正式提交 app 前应换成你控制的独立域名。
100
+
101
+ ## 其他启动方式
102
+
103
+ 不想全局安装时,也可以用:
104
+
105
+ ```bash
106
+ npx codexflow@latest --root /absolute/path/to/your/repo
107
+ ```
108
+
109
+ 但普通用户更推荐全局安装,这样唯一的启动命令就是 `codexflow`。
110
+
111
+ ## ChatGPT 中的 App 设置
112
+
113
+ 先在 ChatGPT 打开 Developer Mode:
114
+
115
+ ```text
116
+ ChatGPT Settings
117
+ -> Security and login
118
+ -> Developer mode: on
119
+ -> Enforce CSP in developer mode: on
120
+
121
+ ChatGPT Settings
122
+ -> Plugins
123
+ -> Create
124
+ ```
125
+
126
+ 保留 CSP 开启。CodexFlow 的卡片和小组件就是按 CSP 开启的路径设计的,不需要远程脚本、外部字体、iframe 或第三方图片。
127
+
128
+ 在创建 Plugin 页面填写:
129
+
130
+ ```text
131
+ Name: CodexFlow
132
+ Description: Local workspace bridge for ChatGPT coding
133
+ Connection: Server URL
134
+ Server URL: 粘贴 CodexFlow 自动复制的 URL
135
+ Authentication: No Authentication / None
136
+ ```
137
+
138
+ 复制的 Server URL 已经包含私有 `codexflow_token`。不要单独粘贴 token,除非你的 ChatGPT UI 明确支持自定义 header。
139
+
140
+ 保持终端里的 CodexFlow 进程运行。你停止它之后,ChatGPT 就无法继续连接本地仓库。Cloudflare quick tunnel 的 URL 也会失效。
141
+
142
+ ## 三种主要模式
143
+
144
+ ### 1. Normal coding
145
+
146
+ 默认模式。ChatGPT 可以在工作区内读取、搜索、写入、精确编辑文件,并运行安全验证命令。
147
+
148
+ ```bash
149
+ codexflow
150
+ ```
151
+
152
+ 适合小改动、文档更新、定位 bug、查看 diff、跑 lint/test/build。
153
+
154
+ 如果你正在另一个 Codex 会话里工作,不希望 ChatGPT 触发任何 shell 命令,用:
155
+
156
+ ```bash
157
+ codexflow --no-bash
158
+ ```
159
+
160
+ 如果想保留 bash,但要求 ChatGPT 明确命中你启动的这个 CodexFlow 终端会话标签,用:
161
+
162
+ ```bash
163
+ codexflow --bash-session main --require-bash-session
164
+ ```
165
+
166
+ 开启后,`bash` 工具调用必须带上 `session_id: "main"` 才会执行。
167
+
168
+ ### 2. Handoff
169
+
170
+ 规划模式。ChatGPT 不直接写源码,只写入:
171
+
172
+ ```text
173
+ .ai-bridge/current-plan.md
174
+ ```
175
+
176
+ 然后你在本地终端决定是否执行:
177
+
178
+ ```bash
179
+ codexflow execute-handoff --agent opencode --model provider/model --dry-run
180
+ codexflow execute-handoff --agent opencode --model provider/model
181
+ ```
182
+
183
+ 也可以启动监听器,让本地终端在计划变更后执行:
184
+
185
+ ```bash
186
+ codexflow --mode handoff
187
+ codexflow --mode handoff --no-bash
188
+ codexflow watch-handoff --agent opencode --model provider/model --yes
189
+ ```
190
+
191
+ 执行结果会写回:
192
+
193
+ ```text
194
+ .ai-bridge/agent-status.md
195
+ .ai-bridge/implementation-diff.patch
196
+ .ai-bridge/execution-log.jsonl
197
+ ```
198
+
199
+ 然后让 ChatGPT 通过 `read_handoff` 或 `codex_context` 审查结果。
200
+
201
+ ### 3. Pro context fallback
202
+
203
+ 有些 ChatGPT 模型或产品界面不能直接调用 Developer Mode Apps、连接器或 MCP 工具。即使同一个符合条件的账号可以创建 CodexFlow app,某个具体模型界面仍然可能没有工具调用能力。
204
+
205
+ 这时不要强行让它调用工具。先导出一个持久上下文包:
206
+
207
+ ```bash
208
+ codexflow pro-bundle --root /absolute/path/to/your/repo --copy
209
+ ```
210
+
211
+ 它会写入:
212
+
213
+ ```text
214
+ .ai-bridge/pro-context.md
215
+ ```
216
+
217
+ 把这个上下文粘贴给不能调用工具的模型,让它产出窄范围实现计划。然后保存计划并应用:
218
+
219
+ ```bash
220
+ codexflow pro-apply --root /absolute/path/to/your/repo --file plan.md
221
+ ```
222
+
223
+ 这会写入 `.ai-bridge/current-plan.md`,再交给 Codex、OpenCode、Pi 或自定义本地代理执行。
224
+
225
+ 如果你的 ChatGPT 账号已经在 Web 产品里提供 GPT-5.5 或更强模型,并且该模型界面可以调用 Developer Mode Apps,CodexFlow 可以让它通过 MCP 使用本地仓库工具。CodexFlow 不提供、不代理、不转售、也不解锁模型。
226
+
227
+ ## 稳定 URL 怎么选
228
+
229
+ ChatGPT App 需要一个可访问的 Server URL。你有三个常用选择:
230
+
231
+ ```text
232
+ Cloudflare quick tunnel 最快演示路径。每次重启 URL 都变。
233
+ ngrok free dev domain 推荐给大多数用户。免费账号给一个稳定 dev domain。
234
+ Cloudflare named tunnel 适合已有自定义域名的用户。
235
+ ```
236
+
237
+ ### Cloudflare quick tunnel
238
+
239
+ 最适合录 demo 或临时试用:
240
+
241
+ ```bash
242
+ codexflow
243
+ ```
244
+
245
+ 缺点很明确:quick tunnel 的 URL 每次重启都会变。如果你把 quick URL 放进 ChatGPT App,下一次启动时需要重新编辑 ChatGPT App 的 Server URL。
246
+
247
+ ### ngrok free dev domain
248
+
249
+ 推荐给大多数用户。创建一个免费 ngrok 账号,在 ngrok Dashboard 的 Universal Gateway -> Domains 找到你的 dev domain,比如:
250
+
251
+ ```text
252
+ your-name.ngrok-free.dev
253
+ ```
254
+
255
+ 一次性认证 ngrok:
256
+
257
+ ```bash
258
+ ngrok config add-authtoken YOUR_NGROK_TOKEN
259
+ ```
260
+
261
+ 保存到 CodexFlow:
262
+
263
+ ```bash
264
+ codexflow settings set --tunnel ngrok --hostname your-name.ngrok-free.dev
265
+ ```
266
+
267
+ 以后启动:
268
+
269
+ ```bash
270
+ codexflow
271
+ ```
272
+
273
+ ChatGPT 里的 Server URL 可以保持不变。
274
+
275
+ ### Cloudflare named tunnel
276
+
277
+ 如果你有自己的域名,可以用 Cloudflare named tunnel:
278
+
279
+ ```bash
280
+ cloudflared tunnel login
281
+ cloudflared tunnel create CodexFlow
282
+ cloudflared tunnel route dns CodexFlow codexflow.example.com
283
+ ```
284
+
285
+ 之后日常启动:
286
+
287
+ ```bash
288
+ codexflow stable --hostname codexflow.example.com --tunnel-name codexflow
289
+ ```
290
+
291
+ 更多域名细节见 [DOMAIN_SETUP.md](DOMAIN_SETUP.md)。
292
+
293
+ ## Codex 风格上下文
294
+
295
+ codexflow 不读取 Codex 的隐藏运行时记忆。它给 ChatGPT 的是显式工作区上下文:
296
+
297
+ ```text
298
+ open_current_workspace 当前 root、安全模式、AGENTS 状态、git 状态
299
+ codex_context AGENTS 链、.ai-bridge 文件、可选 git status/diff
300
+ read_handoff 只读 .ai-bridge 文件
301
+ workspace_snapshot 更大的项目快照和 handoff 上下文
302
+ ```
303
+
304
+ `codex_context` 会读取从仓库根目录到目标路径上的指令文件:
305
+
306
+ ```text
307
+ AGENTS.override.md
308
+ AGENTS.md
309
+ agents.md
310
+ .agents.md
311
+ ```
312
+
313
+ 并加入:
314
+
315
+ ```text
316
+ .ai-bridge/current-plan.md
317
+ .ai-bridge/agent-status.md
318
+ .ai-bridge/implementation-diff.patch
319
+ .ai-bridge/codex-status.md
320
+ .ai-bridge/decisions.md
321
+ .ai-bridge/open-questions.md
322
+ .ai-bridge/execution-log.jsonl
323
+ git status
324
+ 可选 git diff
325
+ ```
326
+
327
+ 推荐流程:
328
+
329
+ ```text
330
+ 先调用 server_config 和 codexflow_self_test
331
+ 如果 self-test 失败,先停下来报告失败项
332
+ 先调用 open_current_workspace,include_tree=false
333
+ 再调用 codex_context,target_path 指向要改的文件,include_diff=false
334
+ 然后只读取当前任务需要的文件
335
+ ```
336
+
337
+ 这样 ChatGPT 会更接近 Codex 的指令模型,同时不会依赖隐藏状态或大范围重复扫描。
338
+
339
+ ## 安全边界
340
+
341
+ codexflow 是本地开发桥,不是操作系统级沙箱。
342
+
343
+ 默认安全行为:
344
+
345
+ - 公网 tunnel 默认需要私有 CodexFlow token。
346
+ - 写入限制在配置的工作区 root 内。
347
+ - 常见敏感路径会被拒绝:`.env`、私钥、`.git`、`node_modules`、生成目录、缓存目录。
348
+ - symlink 逃逸会被阻止。
349
+ - safe bash 只允许常见检查、搜索、git、lint、test、typecheck、build 等命令。
350
+ - `codexflow --no-bash` 会完全关闭 ChatGPT 可调用的 bash 工具。
351
+ - `execute-handoff` 和 `watch-handoff` 是本地 CLI 命令,不是远程 MCP 工具。
352
+
353
+ 只有在你信任当前仓库和命令时,才考虑更宽的权限,例如 full bash、自定义执行器、额外 allow root。
354
+
355
+ ### Codex 会话边界
356
+
357
+ codexflow 的 MCP transport session id 不代表 Codex 聊天。CodexFlow 不会启动或恢复 Codex CLI;ChatGPT 提供模型,CodexFlow 提供本地文件、git、terminal、仓库规则和 skill 工具。
358
+
359
+ `bash` 工具属于你启动的 CodexFlow 本地服务器进程,并在当前聊天选中的项目目录下运行。并行任务可以通过同一个 broker/tunnel 在不同聊天中选择不同项目;这不是“远程控制当前 Codex 会话”。
360
+
361
+ 如果要减少误触发,可以给这个本地 CodexFlow 进程设置 bash session guard:
362
+
363
+ ```bash
364
+ codexflow --bash-session main --require-bash-session
365
+ ```
366
+
367
+ 这不是 Codex App 聊天会话 id,而是 CodexFlow 本地 bash 工具的显式匹配标签。
368
+
369
+ bash 结果默认使用紧凑 transcript,避免 ChatGPT 对话里突然铺开大段 stdout/stderr。完整 stdout/stderr 仍在结构化工具数据里,CodexFlow 卡片里的输出预览默认折叠。需要旧行为时可以显式打开:
370
+
371
+ ```bash
372
+ codexflow --bash-transcript full
373
+ ```
374
+
375
+ codexflow 也可以在 full tools 下显式开启只读的本地 Codex 会话列表:
376
+
377
+ ```bash
378
+ codexflow --tool-mode full --codex-sessions metadata
379
+ codexflow --tool-mode full --codex-sessions read
380
+ ```
381
+
382
+ `metadata` 会增加 `codex_sessions` 工具,从本地历史列出 session;`read` 还会增加有限长度的 transcript 读取。它们只读取历史,不执行 Codex。
383
+
384
+ 一个 broker/tunnel 可以同时服务多个网页聊天:
385
+
386
+ ```bash
387
+ codexflow --tool-mode full --root /path/to/default-repo --allow-root /path/to/projects
388
+ ```
389
+
390
+ 新聊天调用 `list_projects` 后会显示项目选择器。目录来源包括默认项目、allowed roots 下发现的项目,以及本机 Codex metadata 中最近使用且仍在 allowed roots 内的目录。`select_project` 会把当前 ChatGPT MCP 会话绑定到所选目录;之后不传 `workspace_id` 的文件、git、搜索、编辑和 terminal 调用都会自动路由到该项目。其他网页聊天拥有独立绑定。选择项目时也会发布 repo 指令、workspace/user/plugin skills 和已配置 MCP server 名称。
391
+
392
+ 如果 Codex 历史不在默认位置,可以用 `--codex-dir <dir>`。
393
+
394
+ 如果只想让 ChatGPT 规划、由你本地决定是否执行:
395
+
396
+ ```bash
397
+ codexflow --mode handoff --no-bash
398
+ ```
399
+
400
+ ## 常用命令
401
+
402
+ ```bash
403
+ codexflow
404
+ codexflow
405
+ codexflow --non-interactive
406
+ codexflow status
407
+ codexflow status --json
408
+ codexflow doctor
409
+ codexflow settings
410
+ codexflow settings list
411
+ codexflow settings set --tunnel ngrok --hostname your-name.ngrok-free.dev
412
+ codexflow settings delete --yes
413
+ codexflow pro-bundle --copy
414
+ codexflow execute-handoff --agent opencode --model provider/model --dry-run
415
+ codexflow watch-handoff --agent opencode --model provider/model --yes
416
+ ```
417
+
418
+ 终端控制键:
419
+
420
+ ```text
421
+ Enter 打开 ChatGPT connector 设置
422
+ c 再次复制 Server URL
423
+ o 打开本地 admin dashboard
424
+ h 显示帮助
425
+ q 停止 CodexFlow
426
+ ```
427
+
428
+ 在脚本、CI 或没有交互式终端的环境中,使用 `--non-interactive`。连接器会继续运行,直到收到 SIGINT/SIGTERM;`codexflow status --json` 可用于自动化检查。
429
+
430
+ 本地 admin dashboard 是带 token 保护的 setup/settings 页面。它会显示当前 workspace、local MCP endpoint、安全模式、安装/启动命令、ChatGPT 连接步骤、saved profile 设置和 allowed roots。
431
+
432
+ 页面也提供 GitHub、npm、docs 链接和高级重启命令。普通用户不需要 profile 或 setup;可选高级设置仍能修改 tunnel、hostname、port、bash、write/tool mode 和 widget origin,重启 `codexflow` 后生效。
433
+
434
+ 浏览器 admin 页面只负责 setup/settings/status 和 MCP endpoint;不能切换 ChatGPT 账号,不能直接保存原始 Cloudflare tunnel token,也不能把 CodexFlow 作为后台服务开关。Cloudflare dashboard-managed tunnel 请把 token 放在本地文件里,再填写 Cloudflare token file。
435
+
436
+ ## FAQ
437
+
438
+ 中文常见问题见 [FAQ_ZH.md](FAQ_ZH.md)。
439
+
440
+ 核心结论:
441
+
442
+ - 需要能访问 Apps / Developer Mode 的 ChatGPT 账号。
443
+ - Free / Go 在当前测试中不支持这个 App 创建流程。
444
+ - CodexFlow 不绕过任何速率限制。
445
+ - 某些 Pro / planning 模型界面不能直接连接 MCP 工具,使用 `pro-bundle` 作为上下文回退。
446
+ - quick tunnel 每次重启 URL 会变。
447
+ - 想每天同一个 URL,用 ngrok free dev domain 或 Cloudflare named tunnel。
448
+
449
+ ## 开源与贡献
450
+
451
+ 项目地址:[github.com/tarunspandit/codexflow](https://github.com/tarunspandit/codexflow)
452
+
453
+ 欢迎提 issue、补文档、补平台兼容性、补测试。提交 PR 前请至少运行:
454
+
455
+ ```bash
456
+ npm run build
457
+ npm run smoke
458
+ npm audit --omit=dev
459
+ ```
460
+
461
+ 如果 CodexFlow 对你有用,请在 GitHub 点星。这样其他使用 ChatGPT、Codex、OpenCode、Pi 和 MCP 的开发者更容易找到它。
package/SECURITY.md ADDED
@@ -0,0 +1,145 @@
1
+ # Security Policy
2
+
3
+ codexflow exposes a local workspace to an MCP client. Treat it like a developer tool with access to your source tree, not like a hosted SaaS app.
4
+
5
+ ## Supported Version
6
+
7
+ Security fixes target the latest published version only until the project reaches `1.0.0`.
8
+
9
+ Feature-specific notes follow GitHub `main`; npm users should check the published version before relying on a new command.
10
+
11
+ ## Reporting
12
+
13
+ Please report security issues privately before opening a public issue. If the repository has GitHub private vulnerability reporting enabled, use that. Otherwise contact the maintainer listed by the project owner.
14
+
15
+ Do not include secrets, private repository contents, tunnel tokens, or `.env` values in reports.
16
+
17
+ ## Terms Boundary
18
+
19
+ codexflow is not designed to bypass, avoid, pool, resell, or modify ChatGPT, Codex, OpenAI, or third-party model limits. Do not market, deploy, or configure it that way.
20
+
21
+ Each user should connect their own ChatGPT account, use only product surfaces available to that account, and follow the limits, safety rules, and terms for ChatGPT, Codex, OpenAI, and any third-party model provider they connect.
22
+
23
+ ## Threat Model
24
+
25
+ codexflow can expose:
26
+
27
+ - file metadata and selected file contents from allowed workspaces
28
+ - git status and diffs
29
+ - `.ai-bridge` planning files
30
+ - optional shell command execution through the `bash` tool, hidden when bash mode is off
31
+ - optional write/edit/apply_patch capability depending on `CODEXFLOW_WRITE_MODE`, advertised only in workspace write mode
32
+ - optional local handoff execution through `codexflow execute-handoff`, run from the user's terminal only
33
+ - optional local execute/review looping through `codexflow loop-handoff`, run from the user's terminal only with a user-provided reviewer command and iteration limit
34
+
35
+ ## Failure Model
36
+
37
+ Review changes against these failure modes before release:
38
+
39
+ | Failure mode | Expected control |
40
+ | --- | --- |
41
+ | Public tunnel reachable without a secret | Public/non-loopback HTTP fails closed unless a CodexFlow token is configured. |
42
+ | Raw CodexFlow or Cloudflare token appears in UI, logs, docs, or package output | Tokens are redacted in profile/status output and tunnel tokens use local files for persistence. |
43
+ | ChatGPT can edit outside the intended repo | Allowed roots are explicit; path resolution rejects escapes, blocked globs, and symlink traversal. |
44
+ | ChatGPT can run arbitrary shell by default | Bash defaults to safe mode, can be disabled, and full mode is a trusted-local-only choice. Safe mode can still run repo package scripts, so use `--no-bash` for untrusted repos. |
45
+ | Handoff mode still exposes generic writes | Handoff/pro modes do not advertise generic `write`/`edit`/`apply_patch`; bounded handoff tools write `.ai-bridge` files only. |
46
+ | Local Codex history is treated as ChatGPT memory | Codex session access is opt-in metadata/read mode and never attaches to a live Codex app session. |
47
+ | Browser admin mutates live runtime unexpectedly | Admin profile changes apply on restart; active runtime policy stays stable for the current session. |
48
+ | Remote MCP tool runs Codex/OpenCode/Pi directly | Agent execution remains a user-started CLI/watch process on the local machine. |
49
+ | Autonomous loop drives ChatGPT Web or bypasses approvals | `loop-handoff` only runs local terminal commands over `.ai-bridge` files; it does not resume browser sessions, approve prompts, or expose a remote MCP executor. |
50
+ | Reviewer masks a failed external command | `loop-handoff` requires explicit reviewer verdict assignments and rejects reviewer `PASS` after failed executor, test, or reviewer commands unless the user opts into the supported executor/test override behavior. |
51
+
52
+ The main risks are:
53
+
54
+ - connecting an untrusted MCP client
55
+ - exposing the server through a public tunnel without auth
56
+ - running with `CODEXFLOW_BASH_MODE=full`
57
+ - running with `CODEXFLOW_WRITE_MODE=workspace` on an important repo
58
+ - executing an untrusted `.ai-bridge/current-plan.md` or custom `execute-handoff --command`
59
+ - running `loop-handoff` with an untrusted reviewer command or without a small `--max-iters`
60
+ - adding overly broad allowed roots
61
+ - leaking a `codexflow_token` or Cloudflare tunnel token
62
+ - trusting a downloaded `cloudflared` binary without understanding where it came from
63
+
64
+ ## Safer Defaults
65
+
66
+ Default daily mode:
67
+
68
+ ```bash
69
+ codexflow \
70
+ --root /path/to/repo \
71
+ --bash safe \
72
+ --tunnel cloudflare
73
+ ```
74
+
75
+ Safer planning-only mode:
76
+
77
+ ```bash
78
+ codexflow \
79
+ --root /path/to/repo \
80
+ --mode handoff \
81
+ --bash safe \
82
+ --tunnel cloudflare
83
+ ```
84
+
85
+ For stable public hostnames, keep the CodexFlow auth token stable but private:
86
+
87
+ ```bash
88
+ codexflow \
89
+ --root /path/to/repo \
90
+ --tunnel cloudflare-named \
91
+ --hostname codexflow.example.com \
92
+ --tunnel-name codexflow \
93
+ --token <long-random-token> \
94
+ --bash safe
95
+ ```
96
+
97
+ ## Hard Rules
98
+
99
+ - Do not run public tunnels with `--no-auth`.
100
+ - Public tunnel mode and non-loopback binds fail closed if `CODEXFLOW_HTTP_TOKEN` is missing.
101
+ - Do not commit printed connector URLs that include `codexflow_token`.
102
+ - Do not commit Cloudflare tunnel tokens.
103
+ - Do not paste raw Cloudflare tunnel tokens into browser pages or screenshots. Use `--cloudflare-token-file` or the local page's Cloudflare token file field instead.
104
+ - Use `--mode handoff` for planning workflows where ChatGPT should not edit source files. Handoff mode does not advertise generic `write`/`edit` tools.
105
+ - Preview local handoff execution with `codexflow execute-handoff --dry-run` before running an unfamiliar adapter or custom command.
106
+ - Preview autonomous local loops with `codexflow loop-handoff --dry-run`, keep `--max-iters` small, and prefer `--require-human-confirmation` until you trust the reviewer command.
107
+ - Keep `execute-handoff` local. Do not wrap it in a remote MCP tool unless you add a stronger approval and sandbox story.
108
+ - Keep `loop-handoff` local. Do not use it to automate ChatGPT Web, Codex approvals, account access, third-party Pro sites, quota limits, or product safety prompts.
109
+ - Use default agent mode only with trusted ChatGPT sessions and repo-specific roots.
110
+ - Use `--no-bash` when ChatGPT should never trigger shell commands in the workspace.
111
+ - Use `--bash-session <id> --require-bash-session` when bash should be enabled only for calls that explicitly target this local CodexFlow terminal label.
112
+ - Keep Codex session history access off unless needed. `--codex-sessions metadata` only lists local Codex JSONL metadata; `--codex-sessions read` allows bounded transcript reads.
113
+ - Keep `CODEXFLOW_CONTEXT_DIR` as a workspace-relative hidden directory such as `.ai-bridge`; CodexFlow rejects source, build, dependency, credential, and absolute context directories.
114
+ - Use `--bash full` only for trusted local repos.
115
+ - Do not treat MCP session ids or bash session labels as Codex conversation ids. CodexFlow does not execute inside a Codex app session.
116
+ - Prefer a repo-specific `--root` instead of `--allow-home`.
117
+ - Use `--no-install-cloudflared --cloudflared <path>` if your organization requires a managed Cloudflare Tunnel binary.
118
+
119
+ ## Cloudflare Binary Install
120
+
121
+ For the one-command public tunnel flow, CodexFlow can download the official Cloudflare `cloudflared` release into `~/.codexflow/bin` on supported macOS, Windows, and Linux systems. It does not install a system service, does not use sudo/admin rights, and does not modify shell startup files.
122
+
123
+ Resolution order:
124
+
125
+ ```text
126
+ 1. explicit --cloudflared path or CLOUDFLARED_BIN
127
+ 2. cloudflared already available in PATH
128
+ 3. ~/.codexflow/bin/cloudflared or cloudflared.exe
129
+ 4. download official Cloudflare latest release unless --no-install-cloudflared is set
130
+ ```
131
+
132
+ Use `--install-cloudflared` to refresh the local binary. Use `--no-install-cloudflared` to disable downloads.
133
+
134
+ ## Built-In Guards
135
+
136
+ codexflow blocks common sensitive paths by default:
137
+
138
+ - `.env` and `.env.*`
139
+ - `.git` internals
140
+ - `node_modules`
141
+ - common private key names
142
+ - build/cache folders such as `dist`, `build`, `.next`, `coverage`, `.cache`
143
+ - symlinks that resolve outside the workspace or into blocked paths
144
+
145
+ These guards reduce risk. They are not an OS sandbox.
@@ -0,0 +1,31 @@
1
+ # Copy to .envrc or source manually before running npm run start:http.
2
+ CODEXFLOW_ROOT=/absolute/path/to/your/repo
3
+ # Project-library roots shown by the ChatGPT project picker. Separate multiple paths with the OS path delimiter.
4
+ CODEXFLOW_ALLOWED_ROOTS=/absolute/path/to/projects
5
+ CODEXFLOW_HOST=127.0.0.1
6
+ CODEXFLOW_PORT=8787
7
+ CODEXFLOW_BASH_MODE=safe
8
+ # Optional local bash session guard. If required, bash tool calls must include the matching session_id.
9
+ # CODEXFLOW_BASH_SESSION_ID=main
10
+ # CODEXFLOW_REQUIRE_BASH_SESSION=1
11
+ CODEXFLOW_WRITE_MODE=handoff
12
+ CODEXFLOW_TOOL_MODE=standard
13
+ # Dedicated HTTPS origin for ChatGPT widget iframes. Required for app submission.
14
+ CODEXFLOW_WIDGET_DOMAIN=https://tarunspandit.github.io
15
+
16
+ # Disabled by default so ChatGPT receives plain MCP tool descriptors.
17
+ # Set to 1 only if you want CodexFlow's custom ChatGPT cards.
18
+ CODEXFLOW_TOOL_CARDS=0
19
+ CODEXFLOW_HTTP_TOKEN=replace-with-a-long-random-token
20
+ # Require a token even for loopback binds. Non-loopback and tunnel mode require one unless explicitly overridden.
21
+ # CODEXFLOW_REQUIRE_HTTP_TOKEN=1
22
+ # CODEXFLOW_ALLOW_NO_HTTP_TOKEN=1
23
+ CODEXFLOW_CONTEXT_DIR=.ai-bridge
24
+ # Optional stable public URL mode. Quick tunnels do not keep the same hostname.
25
+ # CODEXFLOW_TUNNEL=cloudflare-named
26
+ # CODEXFLOW_PUBLIC_HOSTNAME=codexflow.example.com
27
+ # CLOUDFLARE_TUNNEL_NAME=codexflow
28
+ # Or use a dashboard-managed tunnel token:
29
+ # CLOUDFLARE_TUNNEL_TOKEN_FILE=/Users/you/.codexflow/cloudflare-tunnel-token
30
+ # Optional comma-separated extra block list:
31
+ # CODEXFLOW_BLOCKED_GLOBS=**/secrets/**,**/*.sqlite,**/*.db
@@ -0,0 +1,27 @@
1
+ const MAX_CACHE_ENTRIES = 8;
2
+ const cache = new Map();
3
+ export function getCachedWorkspaceAnalysis(key) {
4
+ const value = cache.get(key);
5
+ if (!value)
6
+ return undefined;
7
+ cache.delete(key);
8
+ cache.set(key, value);
9
+ return value;
10
+ }
11
+ export function setCachedWorkspaceAnalysis(key, value) {
12
+ cache.delete(key);
13
+ cache.set(key, value);
14
+ while (cache.size > MAX_CACHE_ENTRIES) {
15
+ const oldest = cache.keys().next().value;
16
+ if (!oldest)
17
+ break;
18
+ cache.delete(oldest);
19
+ }
20
+ }
21
+ export function invalidateWorkspaceAnalysis(workspaceId) {
22
+ for (const key of cache.keys()) {
23
+ if (key.startsWith(`${workspaceId}:`))
24
+ cache.delete(key);
25
+ }
26
+ }
27
+ //# sourceMappingURL=cache.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cache.js","sourceRoot":"","sources":["../../src/analysis/cache.ts"],"names":[],"mappings":"AAEA,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,KAAK,GAAG,IAAI,GAAG,EAA6B,CAAC;AAEnD,MAAM,UAAU,0BAA0B,CAAC,GAAW;IACpD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAClB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACtB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,GAAW,EAAE,KAAwB;IAC9E,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAClB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACtB,OAAO,KAAK,CAAC,IAAI,GAAG,iBAAiB,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAA2B,CAAC;QAC/D,IAAI,CAAC,MAAM;YAAE,MAAM;QACnB,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,WAAmB;IAC7D,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/B,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,WAAW,GAAG,CAAC;YAAE,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC"}