Hosted MCP service that lets a public Poke recipe orchestrate Codex jobs without exposing a raw Codex app-server or a personal machine.
poke-codex-bridge exposes a Streamable HTTP MCP endpoint at /mcp. Poke can call tools to:
- list approved repo aliases
- create Codex plan/review jobs
- create patch jobs that require a second approval step
- check job status
- continue or cancel jobs
The current repo adapter is local and allowlisted for validation. Public release should replace it with an OAuth/GitHub App workspace provider before publishing on poke.com/recipes.
Bridge jobs run through a Codex CLI wrapper that ignores the operator's personal Codex config/rules and uses ephemeral Codex sessions. This prevents accidental inheritance of local skills, memories, hooks, and preferences during validation. It is not a replacement for production container or VM isolation.
cp .env.example .env
npm install
npm run build
npm run devIn another terminal:
npx @modelcontextprotocol/inspectorConnect to http://localhost:3000/mcp with:
Authorization: Bearer dev-bridge-token-change-me
X-Poke-User-Id: local-dev-user
Then validate with Poke:
npx poke@latest login
npx poke@latest tunnel http://localhost:3000/mcp -n "Codex Bridge" --recipeThe tunnel is only for validation. Do not publish a public recipe backed by a local tunnel.
Before public recipe submission, replace the local adapter with:
- GitHub App or OAuth-based repo authorization
- per-user ephemeral checkouts in isolated containers, VMs, or sandboxed workers
- branch/PR output instead of direct default-branch mutation
- durable job storage
- per-user quotas and abuse monitoring
- hosted secrets, logs, metrics, and incident controls
Do not back a public recipe with a personal ChatGPT/Codex login on a developer machine. For public release, the runner should use service-managed credentials or per-user authorization inside an isolated runtime.