by Zhenyu98
A safe bridge for Codex and ChatGPT to hand off coding work, save tokens, and keep local execution under control.
# Add to your Claude Code skills
git clone https://github.com/Zhenyu98/codex-chatgpt-bridgeGuides for using ai agents skills like codex-chatgpt-bridge.
codex-chatgpt-bridge is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by Zhenyu98. A safe bridge for Codex and ChatGPT to hand off coding work, save tokens, and keep local execution under control. It has 83 GitHub stars.
codex-chatgpt-bridge's catalog security scan is still queued. You can run an instant dependency and prompt-injection check now with the "Scan for vulnerabilities" button above.
Clone the repository with "git clone https://github.com/Zhenyu98/codex-chatgpt-bridge" and add it to your Claude Code skills directory (see the Installation section above).
codex-chatgpt-bridge is primarily written in PowerShell. It is open-source under Zhenyu98 on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh codex-chatgpt-bridge against similar tools.
No comments yet. Be the first to share your thoughts!
Unlocks once the catalog security scan passes (runs nightly).
The deep catalog scan for this skill is still queued. Run an instant dependency check now instead.
Long Codex sessions burn quota on planning, re-reading, and repeated design. This bridge moves that heavy thinking to ChatGPT and keeps Codex focused on execution and verification, so a long build stays within budget and under local control.
| Before | After |
|---|---|
| Copy large context into the Codex chat to get a review | ChatGPT reads the scoped project directly over the bridge |
| Codex spends quota planning, re-reading, and iterating | ChatGPT plans and reviews; Codex executes one task at a time |
| A remote tool with unclear reach into your machine | A narrow, OAuth-gated root that is off by default and re-keyable |
git clone https://github.com/Zhenyu98/codex-chatgpt-bridge.git
cd codex-chatgpt-bridge
powershell -ExecutionPolicy Bypass -File .\install.ps1
Expected success signal:
Installed codex-chatgpt-bridge skill to C:\Users\<you>\.codex\skills\codex-chatgpt-bridge
Restart Codex or reload skills to use it.
Then check the local environment (no tunnel started):
$skill = "$env:USERPROFILE\.codex\skills\codex-chatgpt-bridge"
powershell -ExecutionPolicy Bypass -File "$skill\scripts\local_bridge.ps1" -Action Doctor
Copy this to Codex, Claude Code, Cursor, or another coding agent:
Read https://github.com/Zhenyu98/codex-chatgpt-bridge/blob/main/agent-setup.md and follow it to install and configure codex-chatgpt-bridge for me.
See agent-setup.md for the full copy-paste prompt, prerequisites, and safe defaults.
NORMAL: ChatGPT acts like a strong review/reasoning subagent. Codex inspects enough context to steer the task, then executes and verifies.TOKEN_SAVING: Codex acts mostly as the orchestrator. Safe non-mutating reading, broad review, and synthesis go to ChatGPT whenever they save Codex tokens.CHATGPT_ARCHITECT: the planning-inverted mode for long, continuous builds. ChatGPT is the architect/manager (spec, design, task decomposition, per-task prompts, review); Codex executes one small task at a time and verifies. With your explicit L3 grant, ChatGPT can also write over the bridge while Codex integrates.The router picks by marginal cost: a unit of work goes to ChatGPT when it saves far more Codex tokens than one slow bridge round-trip. When a plan needs parallel subagents, ChatGPT can serve as the subagent pool so the fan-out stays off Codex quota, while Codex remains the single orchestrator that integrates and verifies.
$skill = "$env:USERPROFILE\.codex\skills\codex-chatgpt-bridge"
powershell -ExecutionPolicy Bypass -File "$skill\scripts\local_bridge.ps1" -Action Status
powershell -ExecutionPolicy Bypass -File "$skill\scripts\local_bridge.ps1" -Action Doctor
powershell -ExecutionPolicy Bypass -File "$skill\scripts\local_bridge.ps1" -Action Start -ProjectRoot <path> -Tunnel cloudflare -InstallCloudflared
powershell -ExecutionPolicy Bypass -File "$skill\scripts\local_bridge.ps1" -Action Stop
powershell -ExecutionPolicy Bypass -File "$skill\scripts\local_bridge.ps1" -Action Rotate
Start opens the local MCP service and its selected tunnel. Doctor checks the environment plus tunnel and public reachability. Stop closes the service and tunnel while keeping the ChatGPT app configuration, so the next start reuses the same app when a stable URL is used. Rotate is the panic button: it stops the bridge, revokes all issued OAuth tokens, and mints a new Owner password — run it after any suspected unauthorized access, then start and re-authorize.
For a stable ChatGPT app URL across restarts, put a stable Worker / custom proxy or external tunnel in front of the changing Quick Tunnel. Full walkthrough for creating the ChatGPT app (developer mode, app URL, OAuth, smoke test) is in README_zh.md.
Be honest about the trust boundary: once you OAuth-authorize the ChatGPT app, the bridge grants file read/write and shell execution on your machine. The L0–L5 levels are policy Codex instructs ChatGPT to follow; they are guidance, and run_shell is not confined to the root, so an authorized app effectively holds local-user code execution. The boundaries actually enforced are OAuth approval (a strong random Owner password), the narrow allowedRoots for file tools, and stopping the bridge.
Practical rules:
-Action Rotate to revoke all tokens and re-key.Can ChatGPT run anything on my machine?
Once you OAuth-authorize the app, the bridge allows file read/write and shell within your setup. run_shell is not sandboxed, so treat an authorized app as local-user execution: keep the root narrow, stop the bridge when idle, and use Rotate to revoke access.
Does Stop revoke ChatGPT's access?
Stop closes the tunnel and service, so the workspace becomes unreachable, and it keeps the app authorization so the next Start reuses the same app. To actually revoke issued tokens, run Rotate.
Will ChatGPT edit my source directly?
In the default advice profile, Codex applies and verifies every change. With your explicit L3 grant, ChatGPT writes over the bridge and Codex reviews the diff, runs an independent check, and owns git plus the final claim.
The Quick Tunnel URL keeps changing.
Quick Tunnel URLs rotate on restart, which suits testing. For a fixed ChatGPT app URL, front it with a stable Worker / custom proxy or external tunnel.
Issues and pull requests are welcome. Please keep reports specific, include reproduction steps when possible, and avoid sharing secrets in logs or screenshots.
Released under the MIT License. See LICENSE.