Skip to content

adamsardo/poke-codex-bridge

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Poke Codex Bridge

Hosted MCP service that lets a public Poke recipe orchestrate Codex jobs without exposing a raw Codex app-server or a personal machine.

What This Is

poke-codex-bridge exposes a Streamable HTTP MCP endpoint at /mcp. Poke can call tools to:

  • list approved repo aliases
  • create Codex plan/review jobs
  • create patch jobs that require a second approval step
  • check job status
  • continue or cancel jobs

The current repo adapter is local and allowlisted for validation. Public release should replace it with an OAuth/GitHub App workspace provider before publishing on poke.com/recipes.

Bridge jobs run through a Codex CLI wrapper that ignores the operator's personal Codex config/rules and uses ephemeral Codex sessions. This prevents accidental inheritance of local skills, memories, hooks, and preferences during validation. It is not a replacement for production container or VM isolation.

Local Validation

cp .env.example .env
npm install
npm run build
npm run dev

In another terminal:

npx @modelcontextprotocol/inspector

Connect to http://localhost:3000/mcp with:

Authorization: Bearer dev-bridge-token-change-me
X-Poke-User-Id: local-dev-user

Then validate with Poke:

npx poke@latest login
npx poke@latest tunnel http://localhost:3000/mcp -n "Codex Bridge" --recipe

The tunnel is only for validation. Do not publish a public recipe backed by a local tunnel.

Public Release Boundary

Before public recipe submission, replace the local adapter with:

  • GitHub App or OAuth-based repo authorization
  • per-user ephemeral checkouts in isolated containers, VMs, or sandboxed workers
  • branch/PR output instead of direct default-branch mutation
  • durable job storage
  • per-user quotas and abuse monitoring
  • hosted secrets, logs, metrics, and incident controls

Do not back a public recipe with a personal ChatGPT/Codex login on a developer machine. For public release, the runner should use service-managed credentials or per-user authorization inside an isolated runtime.

See docs/public-release-plan.md.

About

No description, website, or topics provided.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors