New tool watches exactly what Codex sends over the network

This tool was built to answer a simple question: when an like Codex is given access to your whole , what does it actually send back to the model? Running 'npx agent-wiretap -- codex' launches Codex alongside a live terminal dashboard that shows every file being read or written, every domain being contacted, and the running token cost. It also flags secrets caught in outbound traffic using regex matching, though this detection is not perfect.

Codex is made to trust a via the SSL_CERT_FILE setting, which is what lets the traffic be inspected in the first place. Once you actually watch the wire, CLI tools tend to talk to more places than expected — telemetry, update checks, and sometimes traffic routed through entirely separate services. The tool simply makes that traffic visible instead of hidden.

It is , runs fully locally, and sends no telemetry of its own.

Key points

  • Run with 'npx agent-wiretap -- codex' to get a live
  • Shows every file read/written, every domain contacted, and running token cost
  • Flags likely secrets in outbound traffic via regex matching, not perfect
  • Works by making Codex trust a through SSL_CERT_FILE
  • , fully local, and the tool itself sends no telemetry
Read original