AxioRank for Codex
Govern Codex
Block destructive commands, secret exfiltration, and prompt-injected tool results in OpenAI Codex CLI, locally and offline, before they run. Then prove the session was governed with a signed Coding Session Seal.
Install for OpenAI Codex CLI
1. Add the AxioRank marketplace
This registers the AxioRank marketplace; install the plugin from the Codex plugin directory.
codex plugin marketplace add AxioRank/codex-plugin
2. Or wire the hook directly (any agent)
Prefer the published npm hook? This wires the guard into the agent's hook config.
npx -y @axiorank/coding-guard init
OpenAI's official Codex Plugin Directory is coming soon. Until then, the marketplace command above installs it today.
What an ungoverned coding agent can do
Destructive commands
rm -rf, git push --force, DROP TABLE, or curl piped into a shell, run faster than you can read the diff.
Secret exfiltration
A generated command or file write ships an API key, a token, or your .env somewhere it should never go.
Agent hijacking
A poisoned MCP reply or fetched page carries hidden instructions that steer the agent (agentjacking).
Watch the guard decide
This runs the real detection engine in your browser, the same one the OpenAI Codex CLI hook runs on your machine. Pick an action, or edit the command, and see the verdict. No key, no network.
Edit the command. The guard re-scores it live, offline, with no API key.
A destructive operation was detected.
- Recursive/forced file delete (destructive)
- Dangerous CLI flag (destructive)
Blocks locally, offline, no key
The exact AxioRank detection engine your production agents use, in the hook, on your machine. Destructive operations, secret exfiltration, and prompt-injected results are denied before they run.
Same control plane as production
Add a key and every governed call flows into the same policy, audit log, alerts, and approvals as your production agents. Org policy can only tighten the local decision, never loosen a block.
A signed seal nobody else mints
At session end AxioRank mints a Coding Session Seal: an Ed25519-signed, offline-verifiable proof of how many calls were governed and blocked. Provenance, not just a dashboard.
Blocking is free. Proof is the upgrade.
Local guardrails for OpenAI Codex CLI are free, with no account, and so is reporting a session to your workspace (within your normal event quota). The signed Coding Session Seal is the upgrade, on the Team plan and above.