ArmorCodex
Intent-based security enforcement for OpenAI Codex CLI and Codex Desktop
ArmorCodex
ArmorCodex adds security enforcement to OpenAI Codex. Bash commands, file edits, and MCP tool calls are checked against a declared intent plan and policy rules before execution.
One Command Setup
curl -fsSL https://armoriq.ai/install_armorcodex.sh | bashInstalls the plugin, registers the marketplace, sets up the ArmorIQ CLI, and optionally connects to the ArmorIQ platform.
What It Does
When you prompt Codex to do something, ArmorCodex:
- Makes Codex declare its plan before any tool runs, the agent registers what tools it intends to use via the
register_intent_planMCP tool - Checks every tool call unplanned tools are blocked (intent drift)
- Enforces policy rules set allow/deny rules from any prompt
- Logs everything with an API key, audit logs flow to the ArmorIQ dashboard
Two Modes
| Mode | What you get | API key? |
|---|---|---|
| Local-only | Intent enforcement + policy rules + drift detection | No |
| Backend-connected | + signed JWT tokens + audit logs + dashboard visibility | Yes |
Both modes block unauthorized tool calls. The API key adds backend connectivity.
Works Everywhere Codex Runs
ArmorCodex is wired into your global Codex configuration. Once installed, it is active in:
- Codex CLI (
codexcommand in terminal) - Codex Desktop app (registered marketplace + MCP server visible under Plugins)
Same enforcement in both. No separate install needed.
See It Working
1. Install with one curl command
2. Login to ArmorIQ from the terminal
3. Codex registers its intent plan before every tool call
4. Set a policy rule from the chat prompt
5. The next matching tool call is blocked before execution
6. ArmorCodex visible in Codex Desktop
7. Intent plans visible in the ArmorIQ dashboard
8. Activity logs tracked on the ArmorIQ platform
Requirements
- Codex CLI 0.125+ (or Codex Desktop)
- Node.js 20+
- Git
- macOS, Linux, or Windows (WSL / Git Bash)