Disable OpenAI Codex from all pipelines (security risk) #16

Merged: AndrewAltimit merged 1 commit into main from disable-codex-pipeline on Mar 3, 2026
Conversation

@AndrewAltimit
Owner

Summary

  • Disabled OpenAI Codex from CI/CD pipelines, MCP services, and Docker Compose due to OpenAI's partnerships with governments conducting mass surveillance and enabling autonomous weapons
  • Added security advisories to README.md and AGENTS.md explaining the rationale and recommending Anthropic models (Claude) instead
  • All Codex config is commented out / preserved (not deleted) so it can be re-evaluated if OpenAI's policies change

Changes

  • pr-validation.yml: Codex review job commented out, removed from all downstream needs lists, status summary shows "disabled"
  • .mcp.json: Removed codex MCP server entry
  • docker-compose.yml: Commented out mcp-codex service with security rationale
  • .agents.yaml: Added commented-out codex entry with explanation, updated gemini model config
  • AGENTS.md: Full security advisory section, agent table updated with DISABLED status, all Codex references struck through
  • README.md: Security notice blockquote at the top
  • CLAUDE.md: Updated pipeline and Docker descriptions

Test plan

  • Verify pr-validation.yml passes actionlint (pre-commit hook confirms this)
  • Verify .mcp.json and docker-compose.yml are valid (validated via python yaml/json parsers)
  • Confirm no remaining active references to codex in pipeline job dependencies
  • CI passes without codex-review job

Generated with Claude Code

OpenAI is partnering with governments that conduct mass surveillance
and enable autonomous weapons. The surveillance risk from nation-state
actors gaining access to code and development context routed through
OpenAI infrastructure is unacceptable.

- Comment out codex-review job in pr-validation.yml
- Remove codex from downstream job dependencies
- Remove codex MCP server from .mcp.json
- Comment out mcp-codex service in docker-compose.yml
- Add security advisory to README.md and AGENTS.md
- Update CLAUDE.md pipeline/Docker descriptions
- Add disabled codex note to .agents.yaml

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@AndrewAltimit AndrewAltimit merged commit 344c6d5 into main Mar 3, 2026
9 checks passed
@AndrewAltimit AndrewAltimit deleted the disable-codex-pipeline branch March 3, 2026 08:28
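
One way to automate the test-plan item about remaining active Codex references in job dependencies, as an added example that is not part of the original PR or the repository's code. The workflow text is a constructed sample, every job name other than codex-review is hypothetical, and the line-based parsing assumes plain `needs` lists (no anchors, no `#` inside quoted values).

```python
import re

# Constructed sample shaped like a GitHub Actions workflow. Job names other
# than codex-review are hypothetical, not taken from the repository.
SAMPLE_WORKFLOW = """\
jobs:
  gemini-review:
    runs-on: ubuntu-latest
  # codex-review:
  #   runs-on: ubuntu-latest
  #   needs: [gemini-review]
  tests:
    needs: [gemini-review, codex-review]   # stale dependency
  summary:
    needs:
      - tests
      # - codex-review
      - "codex-review"
    steps:
      - run: echo "Codex review: disabled"
"""

def strip_comment(line):
    """Drop a YAML comment: '#' at line start or after whitespace."""
    return re.sub(r"(^|\s)#.*$", "", line).rstrip()

def active_needs_refs(text, needle="codex"):
    """Return (line_no, job) for each uncommented `needs` entry containing needle."""
    hits, in_block, key_indent = [], False, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line.strip():
            continue  # blank or fully commented: does not end a block list
        indent = len(line) - len(line.lstrip())
        m = re.match(r"\s*needs:\s*(.*)$", line)
        if m:  # inline form: `needs: job` or `needs: [a, b]`; empty opens a block list
            value = m.group(1).strip()
            in_block, key_indent = (value == ""), indent
            names = [v.strip(" '\"") for v in value.strip("[]").split(",")] if value else []
        elif in_block and indent >= key_indent and line.lstrip().startswith("- "):
            names = [line.lstrip()[2:].strip(" '\"")]
        else:
            in_block, names = False, []
        hits += [(no, n) for n in names if needle in n.lower()]
    return hits

if __name__ == "__main__":
    for line_no, job in active_needs_refs(SAMPLE_WORKFLOW):
        print(f"line {line_no}: active dependency on {job}")
```

Commented-out entries are ignored, so a workflow that keeps the disabled job as comments passes while a leftover `needs` entry is reported with its line number.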