The supported default setup binds Codex app-server to:
ws://127.0.0.1:18790This keeps the service reachable only from the local machine.
Please open a GitHub issue for security hardening suggestions that do not expose private information.
Do not include:
- API keys
- GitHub tokens
- private SSH keys
- personal credentials
- sensitive logs
This project does not recommend public exposure of Codex app-server.
If you need access from a VM or another trusted machine, use an SSH tunnel or a private network binding with explicit firewall restrictions.