| Version | Supported |
|---|---|
| 10.13.x | ✅ |
| 3.13.x | ✅ |
| < 3.10 | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- GitHub Security Advisory: Create a new security advisory
- Or email the maintainers directly
You should receive a response within 48 hours. If the issue is confirmed, a patch will be released as soon as possible.
- API keys are stored locally in
~/.codex/endpoints.json - Keys are never transmitted to any server except the configured AI provider
- The proxy does not log API keys
- Recommendation: Set file permissions to
600onendpoints.json
- OAuth tokens for Google Gemini/Antigravity are stored locally
- Tokens are refreshed automatically using PKCE flow
- Token storage location:
~/.codex/
- The proxy binds to
127.0.0.1by default (localhost only) - Do not expose the proxy to public networks without authentication
- The
--portflag changes the listening port - The
/admin/*endpoints require the admin API key if configured
- All outbound connections use HTTPS/TLS
- Connection pooling with persistent connections
- SSL certificate verification is always enabled
- In scope: API key leakage, unauthorized proxy access, supply chain attacks on dependencies
- Out of scope: Compromised AI provider endpoints, local machine compromise
- Zero dependencies: The project uses only Python stdlib, minimizing supply chain risk
- Protect your API keys: Set
chmod 600 ~/.codex/endpoints.json - Use localhost binding: Default
127.0.0.1binding prevents network exposure - Keep updated: Update to the latest version for security fixes
- Review configs: Periodically check
~/.codex/for unauthorized changes - Docker: Use the provided Docker image for additional isolation