Skip to content

edamametechnologies/edamame_codex

BranchesTags

Repository files navigation

EDAMAME for Codex CLI

EDAMAME for Codex CLI bridges OpenAI Codex CLI reasoning artifacts to the local EDAMAME Security host so EDAMAME can correlate declared intent against observed system activity.

This package keeps the same workstation pattern as the Cursor and Claude packages:

  • bridge/codex_edamame_mcp.mjs exposes local MCP tools and the control center.
  • adapters/session_prediction_adapter.mjs reads Codex CLI transcripts from ~/.codex/sessions/YYYY/MM/DD/rollout-*.jsonl (or $CODEX_HOME/sessions).
  • service/codex_extrapolator.mjs forwards raw sessions to EDAMAME via upsert_behavioral_model_from_raw_sessions.
  • setup/install.sh and setup/install.ps1 install the package and register edamame-codex in Codex CLI's ~/.codex/config.toml.

External Observer

Starting with edamame_core 1.2.3, EDAMAME also includes an external transcript observer that reads the same Codex CLI session directory directly. The observer is additive: this package's MCP bridge still works and still pushes raw sessions. If the observer is paused while this package is installed, EDAMAME raises the unsecured_codex internal threat on the next score cycle.

Observer vs plugin: what provides the security

EDAMAME's host-side transcript observer is the security control of record -- it runs divergence detection against Codex as soon as Codex is discovered on disk, with zero plugin installed, and a compromised agent cannot pause or silence it. This package is a cooperative enhancement: it adds off-host coverage (when Codex runs where the host observer cannot read its transcripts -- remote box, SSH, container, CI, VM) and turnkey onboarding/UX (MCP discovery, pairing, in-agent posture/verdict views, health checks). It never provides -- and can never weaken -- the guarantee. See Observer vs plugin: the value boundary.

Install

bash setup/install.sh /path/to/workspace

Windows:

.\setup\install.ps1 -WorkspaceRoot C:\path\to\workspace

After install, start Codex CLI and use the edamame_codex_control_center MCP tool to pair with EDAMAME, or paste a PSK generated by edamame_posture mcp-generate-psk.

Test

node --test tests/*.test.mjs
bash setup/healthcheck.sh --strict --json

Repository Layout

bridge/      stdio MCP bridge and control-center HTML
adapters/    Codex transcript parsing and raw-session payload generation
service/     extrapolator, healthcheck, posture facade, config, verdict reader
setup/       install/uninstall scripts and config templates
skills/      EDAMAME posture/divergence skill docs
agents/      security-monitor agent guidance
commands/    healthcheck/export-intent commands

About

EDAMAME for OpenAI Codex CLI developer workstation package

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages