Codex Protect is a personal-use reference policy, not a complete security boundary. Reports are useful when a command documented as blocked is allowed through the same tested Codex execution path, when an allowed control is incorrectly blocked, or when setup guidance can damage or overwrite existing user configuration.
Before a public release establishes a private reporting address, open a GitHub issue only when the report contains no secrets, credentials, private repository names, personal paths, or exploitable private details. For a sensitive bypass, contact the repository owner privately instead of publishing reproduction details.
Include:
- Codex version and surface: CLI, app, or IDE.
- Operating system, version and shell.
- Bun version.
- Relevant rule or hook category.
- Whether the policy was trusted through CLI
/hooksand Codex was restarted. - The smallest safe reproduction using a disposable repository.
- Expected and observed PASS/FAIL result.
Never test a report against production repositories, writable production credentials, or valuable files.
- Windows: repository package validated with Codex CLI
0.144.1and Bun1.3.6; original live/destructive suite documented indocs/TEST_EVIDENCE.md. - macOS: primary-agent validation documented with macOS 26.5.1, Codex CLI
0.144.1and Bun1.3.14; subagent validation pending. - Linux: not currently claimed.
This personal project does not currently promise a formal response or remediation SLA. Security-sensitive claims must remain scoped to the exact versions and execution paths that were independently tested.