codex-web-bridge
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@codex-web-bridgesnapshot the project at /path/to/project and show git status"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Codex Web Bridge
Use ChatGPT Web as the planning UI while this local MCP bridge provides tools for files, code search, shell commands, tests, git status/diff, and lightweight task/process state.
The recommended public setup is:
ChatGPT Web
-> your HTTPS domain
-> server reverse proxy
-> SSH reverse tunnel
-> local bridge on 127.0.0.1:3838
-> local projectsThis avoids ngrok and does not require exposing your Mac directly to the internet.
What It Provides
MCP over stdio for local MCP clients.
MCP over Streamable HTTP for ChatGPT Apps / Connectors.
Local project tools: read, search, list, write, patch, move, delete.
Shell/test/git tools with policy checks.
Workspace/task/process helpers for longer work.
Optional HTTP token auth for
/mcp.Audit logs for write/destructive operations.
Related MCP server: mcp-devtools
Quick Start
npm install
npm run build
bash scripts/test-mcp.shRun locally:
CODEX_WEB_AUTH_TOKEN="$(openssl rand -hex 32)" node dist/index.js --http 3838
curl -sS http://127.0.0.1:3838/healthLocal macOS Service
Generate local-only config files:
bash scripts/configure-local.sh bridgeInstall the bridge as a user LaunchAgent:
bash scripts/install-launchd.shStop it:
bash scripts/stop-launchd.shGenerated files such as launchd/com.codexweb.bridge.plist, launchd/com.codexweb.tunnel.plist, and bridge.policy.json are intentionally ignored by git. Do not commit them; they contain local paths and, usually, a token.
Server Setup Without ngrok
You need:
A Linux server reachable over SSH.
A domain with HTTPS terminating on that server.
A reverse proxy such as nginx.
SSH key access from your Mac to the server.
1. Start The Local Bridge
bash scripts/install-launchd.sh
curl -sS http://127.0.0.1:3838/health2. Create An SSH Reverse Tunnel
For an interactive test:
SSH_TARGET="ubuntu@example.com" \
REMOTE_PORT=3839 \
LOCAL_PORT=3838 \
bash scripts/start-ssh-tunnel.shWith a key:
SSH_TARGET="ubuntu@example.com" \
SSH_KEY="$HOME/.ssh/id_ed25519" \
REMOTE_PORT=3839 \
LOCAL_PORT=3838 \
bash scripts/start-ssh-tunnel.shFor a macOS LaunchAgent:
SSH_TARGET="ubuntu@example.com" \
SSH_KEY="$HOME/.ssh/id_ed25519" \
REMOTE_PORT=3839 \
LOCAL_PORT=3838 \
bash scripts/configure-local.sh tunnel
bash scripts/install-launchd.shOn the server, this should respond:
curl -sS http://127.0.0.1:3839/health3. Reverse Proxy With A Secret Path
ChatGPT's app setup may not give you a place to add a custom bearer header. A practical pattern is:
Keep
CODEX_WEB_AUTH_TOKENenabled on the local bridge.Use a long random path on your HTTPS domain.
Have nginx inject the bearer token when proxying to the tunnel.
Example nginx location:
location /codex-mcp/<long-random-secret>/ {
proxy_pass http://127.0.0.1:3839/;
proxy_http_version 1.1;
proxy_set_header Authorization "Bearer <your-local-bridge-token>";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}Then test:
curl -sS https://your-domain.example/codex-mcp/<long-random-secret>/healthThe MCP URL for ChatGPT is:
https://your-domain.example/codex-mcp/<long-random-secret>/mcpIn ChatGPT, choose No Auth for the app authentication if nginx is injecting the bearer token.
ChatGPT App Setup
Open ChatGPT Web.
Go to Apps -> Manage -> Create app.
Use
Server URL.MCP Server URL:
https://your-domain.example/codex-mcp/<long-random-secret>/mcpAuthentication:
No Authif your reverse proxy injects the bearer token.Accept the custom MCP server risk notice.
Create and connect the app.
Try a read-only prompt first:
Use Local Codex Bridge. Run project.snapshot for /absolute/path/to/my/project and summarize the project type, git status, and scripts.Stdio Config
For local MCP clients that support stdio:
{
"mcpServers": {
"codex-web-bridge": {
"command": "node",
"args": ["/absolute/path/to/codex-web/dist/index.js"],
"env": {
"CODEX_WEB_DATA_DIR": "~/.codex-web",
"CODEX_WEB_POLICY_PATH": "/absolute/path/to/codex-web/bridge.policy.json"
}
}
}
}Policy
bridge.policy.json controls what local paths and shell commands are allowed.
Default template:
{
"allowedProjectRoots": ["~"],
"denyGlobs": [
"**/.env",
"**/.env.*",
"**/*.pem",
"**/*.key",
"**/*.p12",
"**/*.pfx",
"**/.npmrc",
"**/.netrc",
"**/.ssh/**",
"**/id_rsa",
"**/id_ed25519"
],
"shell": {
"enabled": true,
"denyPatterns": [
"sudo",
"rm\\s+-rf\\s+/",
"chmod\\s+-R",
"chown\\s+-R",
"security\\s+find-",
"launchctl\\s+bootout\\s+system"
]
}
}For safer use, narrow allowedProjectRoots to specific project directories.
Tools
The server exposes these MCP tools:
Tool | Purpose |
| Project summary, git status, language/package hints, bounded file tree |
| Read package scripts |
| Higher-level project index |
| Read files or line ranges |
| Search with ripgrep-compatible output |
| Inspect files without reading full contents |
| Modify files inside policy boundaries |
| Delete files, requires |
| Run a shell command after policy checks |
| Detect and run tests |
| Git inspection and guarded revert |
| Register and resolve local workspaces |
| Persist lightweight task/session notes |
| Start/list/stop managed long-running processes |
| Check local TCP ports |
| Inspect bridge service health and logs |
| Restart fixed local bridge/tunnel services, requires |
Security Notes
Do not expose
/mcppublicly without auth or a protected reverse proxy path.Do not commit generated plist files, tokens, SSH key paths, logs, or real domains if they are private.
Prefer a long random URL segment even when token injection is enabled.
Keep
CODEX_WEB_AUTH_TOKENenabled for public HTTP use.Keep
.env,.ssh, key files,.npmrc, and.netrcdenied.Use read-only tools first before write/shell tools.
Treat shell output and logs as potentially sensitive.
For long-term use, rotate the secret path and token if they are ever pasted into a public place.
If your Mac is asleep/offline, ChatGPT cannot reach the local bridge through the tunnel.
macOS LaunchAgents start after user login, not before login.
Restart Behavior
Server reboot:
nginx/systemd usually comes back automatically.
The Mac-side SSH LaunchAgent reconnects when the server is reachable.
No ChatGPT app reconfiguration is needed if the domain and secret path stay the same.
Mac reboot:
The LaunchAgents start after you log in.
The tunnel reconnects if SSH credentials still work.
You need to reconfigure only if the domain, secret path, bridge token, SSH target, SSH key, or ChatGPT app is changed or deleted.
Validation
Local:
curl -sS http://127.0.0.1:3838/healthServer:
curl -sS http://127.0.0.1:<remote-port>/healthPublic:
curl -sS https://your-domain.example/codex-mcp/<long-random-secret>/healthMCP initialize:
curl -sS https://your-domain.example/codex-mcp/<long-random-secret>/mcp \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
--data '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"verify","version":"1.0"}}}'Development
npm run typecheck
npm run build
bash scripts/test-mcp.shThis server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/truongvknnlthao-gif/codex-web-bridge'
If you have feedback or need assistance with the MCP directory API, please join our Discord server