A low-noise browser dashboard for triaging, reading, and lightly steering Codex work.
codex-pocket is not trying to be full remote desktop for Codex.
It is aiming to be the fastest way to scan many threads, read what matters, and send lightweight follow-ups from any browser.
Pick a thread, read the transcript, send short input, interrupt a turn, and use a few safe quick controls β without remoting an entire desktop.
Sometimes you do not want full remote desktop. You just want to:
- π check what Codex is doing
- 𧡠switch between recent threads
- π¬ send a quick follow-up
- π interrupt a turn
- π± do all of that comfortably from a phone browser
That is exactly the shape codex-pocket is aiming for.
If the official Codex app is best at remote control, codex-pocket wants to be best at:
- triage
- readability
- multi-thread oversight
- low-noise browser access
- safer limited exposure
- 𧡠list recent Codex threads from local Codex state
- π pin favorite threads locally for fast return trips
- π search / filter / sort by title, source, and project label
- π render transcripts in a mobile-friendly collapsible view
- π§ semantic transcript view for request/answer-first reading
- π¨ clearer blocked / waiting status cues for faster triage
- ποΈ project-grouped thread view plus focus filters for larger dashboards
- π clearer read-only / restricted-review guidance for delegated browser users
- πͺΆ expose a cleaner browser-facing thread/session model without leaking host absolute paths in normal API payloads
- βοΈ send text input into the selected thread
- π interrupt the active turn
- β¨οΈ send quick terminal controls when Codex exposes a live stdin target
- Enter
- Escape
- Ctrl+C
- π± designed for narrow/mobile screens first
- π built-in Korean / English UI toggle
- π§ browser-language detection + saved preference
- π¨ attention digest for urgent thread triage
- π recent activity view for cross-thread scanning
- π§ first-pass multi-host/account browser switcher
- π project-first navigation and sticky current-context view
- π optional local-user browser login with HTTP-only cookie sessions
- π lightweight auth audit trail plus active browser-session visibility for owners/admins
- π§° local account/process CLI for repeatable setup and launch
- π€ local user-management CLI for browser sign-in accounts, roles, modes, visibility scope, and delegated review boundaries
codex-pocket has two sides:
A desktop machine that:
- runs Codex
- has access to
~/.codex - runs the local
codex-pocketNode server
Any browser-capable device that:
- opens the
codex-pocketweb UI - can be a phone, tablet, laptop, or another desktop
The browser never talks to Codex app-server directly. It only talks to
codex-pocket.
- Run Codex on the host machine.
- Start
codex-pocket:
npm start- Optional but recommended for anything beyond pure localhost use:
npm run user:add -- <username>- Open:
- same machine β
http://localhost:4782 - another trusted device β
http://<host-address>:4782
- same machine β
- Sign in if prompted.
- Pick a thread and use the UI π
If you want, you can switch the UI language from either:
- the toolbar
- the login screen
npm startOr use the local account-aware CLI:
npm run onboard
npm run run- host bind:
127.0.0.1 - browser port:
4782 - Codex app-server listen URL:
ws://127.0.0.1:4791
CODEX_POCKET_HOST=127.0.0.1Create a local user on the host machine:
npm run user:add -- <username>Passwords are stored as local password hashes in run/users.json, not plain text.
codex-pocket is not Tailscale-specific.
Any setup that lets a browser reach the host machine on the app port can work:
localhost- same LAN
- VPN / Tailscale / WireGuard / ZeroTier
- reverse-proxied private internal route
- the browser only needs access to the
codex-pocketweb port - the Codex app-server itself can remain bound to
127.0.0.1 - the default browser-facing port is
4782 - LAN/VPN exposure requires an explicit host override because the safer default bind host is
127.0.0.1
Think: βprivate reachability to one web portβ, not βexpose the whole Codex runtime.β
- run
npm start - open
http://localhost:4782
- run
codex-pocketon the host desktop - find the host LAN IP
- open
http://<host-lan-ip>:4782
- connect the client device to the same private network as the host
- open
http://<host-vpn-ip>:4782
The project includes a small local CLI for repeatable setup, account switching, and preflight checks.
npm run runnpm run onboardThis creates local config under run/accounts.json (gitignored) and stores:
- bind host
- browser port
CODEX_HOME- Codex app-server listen URL
- Codex app-server URL
Browser login users are stored separately in run/users.json (also gitignored).
npm run account:add -- <account-name>
npm run account:remove -- <account-name>
npm run account:list
npm run account:show -- <account-name>
npm run account:set-default -- <account-name>npm run user:add -- <username>
npm run user:list
npm run user:remove -- <username>
npm run user:set-password -- <username>
npm run user:set-mode -- <username> <read_only|input_only|control>
npm run user:set-role -- <username> <member|admin|owner>
npm run user:set-projects -- <username> </allowed/project,/another/project>
npm run user:set-threads -- <username> <thread-id-1,thread-id-2>
npm run user:set-action-threads -- <username> <thread-id-1,thread-id-2>
npm run user:clear-scope -- <username>Browser access now has three layers:
- role
ownerβ full access, including role managementadminβ can manage member access modes/scopesmemberβ no user management
- permission mode
read_onlyβ triage/reading onlyinput_onlyβ can send follow-up input, but not broader control actionscontrolβ can use interrupt/terminal controls
- visibility scope
- optional per-user
projectPrefixesandthreadIds - when set, the server only exposes matching threads/sessions
- optional per-user
- session-level action scope
- optional per-user
actionThreadIds - when set, matching threads stay interactive while other visible threads become read-only in the session view
- optional per-user
Example: create a low-risk triage account that can only see one project:
npm run user:add -- reviewer
npm run user:set-mode -- reviewer read_only
npm run user:set-projects -- reviewer /Users/song/Projects/codex-pocketnpm run print-env -- <account-name>
npm run doctor -- <account-name>export CODEX_POCKET_HOST=127.0.0.1
export CODEX_POCKET_ALLOWED_ORIGINS="https://codex-pocket.example.com,https://pocket.internal"
export CODEX_POCKET_FORCE_SECURE_COOKIES=true
export CODEX_POCKET_SESSION_TTL_SECONDS=$((60 * 60 * 24 * 7))CODEX_POCKET_HOST=127.0.0.1keeps the Node server local-only unless you intentionally choose broader reachabilityCODEX_POCKET_ALLOWED_ORIGINSlimits cookie-authenticatedPOSTrequests to specific browser originsCODEX_POCKET_FORCE_SECURE_COOKIES=trueforces the session cookie to staySecurebehind HTTPS reverse proxies even if proxy headers are incomplete- shorter
CODEX_POCKET_SESSION_TTL_SECONDSvalues can be useful for shared internal setups - see
docs/deployment-hardening.mdfor the fuller checklist, safety-envelope guidance, and reverse-proxy notes
doctor checks things like:
CODEX_HOMEpresencestate_5.sqlitepresence- Codex app-server reachability
- bind host / browser port
- whether any local browser login users are configured
Codex stores thread/session data under ~/.codex.
A small local companion service handles:
- recent thread discovery
- rollout/transcript parsing
- browser API endpoints
- event-driven session updates
- input/control forwarding to Codex app-server
Phase 1
- responsive web app / PWA-like flow
- compact thread picker
- transcript reader
- input bar + quick controls
Phase 2
- optional native wrapper/app
- saved hosts/sessions
- reconnect logic
- stronger auth and session management
For deeper notes:
docs/architecture.mddocs/deployment-hardening.mddocs/mvp-plan.mddocs/next-steps.mddocs/roadmap.mddocs/1.1.0-prd.mddocs/state-classification-design.md
server/β local companion server + CLIweb/public/β browser UIdocs/β architecture / planning / follow-up notesrun/β local runtime config (gitignored)
- built around Codex state under
~/.codex - read-side transcript rendering still depends on rollout/state parsing, not a fully semantic Codex thread model
- Enter / Esc / Ctrl+C only work when Codex exposes a live terminal stdin target for that thread
- mobile-friendly does not yet mean polished native-app quality
- auth/access control is intentionally aimed at trusted internal sharing, not hardened direct public internet exposure
- prefer
localhost, LAN, VPN, Tailscale, or another trusted private route - do not expose this prototype directly to the public internet without stronger auth, TLS, and operational hardening
- the current security model is meant for trusted internal sharing, not fuller delegated-access collaboration
- keep the Codex app-server bound locally when possible
- create at least one local browser login user before opening access beyond localhost
- browser login users are created locally on the Codex host via CLI; they are not self-service from the web UI
- use lower roles/modes plus optional visibility/action scope for shared/internal viewers instead of handing out full control by default
- browser-facing API payloads are intentionally reduced so normal thread/session reads do not expose host absolute paths like
cwdor rollout file locations - optional
CODEX_POCKET_ALLOWED_ORIGINSlets you narrow which browser origins may issue authenticatedPOSTactions - optional
CODEX_POCKET_FORCE_SECURE_COOKIES=trueis useful behind HTTPS reverse proxies that do not reliably forwardX-Forwarded-Proto - anyone who can reach the web UI and satisfy auth may still inspect allowed transcripts and actions inside their granted scope, so treat network exposure carefully
- for a safer internal-exposure checklist, clearer proxy guidance, and a "when this is / is not enough" breakdown, see
docs/deployment-hardening.md
Keep the browser-based version as the default surface first. If it proves sticky and genuinely useful, wrap it later as a native mobile app instead of treating iPhone as the only target from day one.