mirror of
https://github.com/openai/codex.git
synced 2026-05-03 02:46:39 +00:00
1.7 KiB
1.7 KiB
Codex Network Proxy Quickstart (Local)
This is a compact guide to build and validate the Codex network proxy locally.
Build
From the Codex repo:
cd codex/codex-rs
cargo build -p codex-network-proxy
For MITM support:
cargo build -p codex-network-proxy --features mitm
Configure
Add this to ~/.codex/config.toml:
[network_proxy]
enabled = true
proxy_url = "http://127.0.0.1:3128"
admin_url = "http://127.0.0.1:8080"
mode = "limited" # or "full"
poll_interval_ms = 1000
[network_proxy.policy]
allowed_domains = ["azure.com", "*.openai.com"]
denied_domains = ["169.254.*"]
# macOS only: allow specific local IPC when proxy-restricted.
allow_local_binding = false
# Example: allow SSH agent socket for git/ssh.
allow_unix_sockets = ["$SSH_AUTH_SOCK"]
[network_proxy.mitm]
enabled = false
Run the proxy
cd codex/codex-rs
cargo run -p codex-network-proxy -- proxy
With MITM:
cargo run -p codex-network-proxy --features mitm -- proxy
Test with curl
HTTP/HTTPS via proxy:
export HTTP_PROXY="http://127.0.0.1:3128"
export HTTPS_PROXY="http://127.0.0.1:3128"
curl -sS https://example.com
Limited mode + HTTPS requires MITM. If MITM is on, trust the generated CA:
security add-trusted-cert -d -r trustRoot \
-k ~/Library/Keychains/login.keychain-db \
~/.codex/network_proxy/mitm/ca.pem
Or pass the CA directly:
curl --cacert ~/.codex/network_proxy/mitm/ca.pem -sS https://example.com
Admin endpoints
Reload config after edits:
curl -fsS -X POST http://127.0.0.1:8080/reload
Switch modes:
curl -fsS -X POST http://127.0.0.1:8080/mode -d '{"mode":"full"}'