Skip to content

Security: devmusehq/codex-switchboard

Security

SECURITY.md

Security

Codex Switchboard is a local utility around Ollama's Codex App integration.

Command Surface

The app intentionally keeps its command surface small:

ollama --version
ollama list
ollama launch codex-app --model <selected-model> --yes
ollama launch codex-app --restore --yes
open -a Codex
open -a "Codex App"
open <action log path>

Commands are executed with explicit program and argument arrays, not shell strings.

Switch and restore commands are blocked by the backend if the installed Ollama version is older than 0.24.0.

What The App Does Not Do

  • It does not host models.
  • It does not download or install models.
  • It does not edit Codex SQLite/state files.
  • It does not modify Codex thread state.
  • It does not modify user repositories.
  • It does not include accounts, cloud sync, telemetry, analytics, payments, or online services.

Logs

The app keeps a local JSONL action log in the Tauri app data directory.

Logs may contain command output from Ollama. Stdout and stderr are truncated before writing, but users should still review logs before sharing them publicly.

Unsigned Builds

Public builds are currently unsigned and not notarized. macOS Gatekeeper may warn when opening the app.

Users who do not want to run an unsigned app should build from source.

Reporting Issues

Please include:

  • macOS version
  • Ollama version
  • Codex Switchboard version
  • Whether Codex App was open during switch/restore
  • The relevant action log entry, after reviewing it for sensitive output

There aren't any published security advisories