security: disable OpenAI Codex from pipeline and tooling

[AndrewAltimit]

Summary

• Permanently disables OpenAI Codex from CI pipeline (if: false), MCP config, and Docker services due to OpenAI's partnerships enabling mass surveillance and autonomous weapons decision-making
• Adds a prominent security policy notice to README.md explaining why Codex is disabled and recommending Anthropic (Claude) models
• Updates all documentation (README, AGENTS.md, CONTRIBUTING.md) to reflect the removal

Changes

File	Change
pr-validation.yml	codex-review job set to if: false, status summary shows "disabled (security policy)"
docker-compose.yml	mcp-codex moved to unreachable disabled-codex profile, CODEX_ENABLED=false
.mcp.json	Codex server renamed to codex-DISABLED, command replaced with no-op echo
.env.example	Codex env vars commented out with explanation
README.md	Security policy blockquote added, all "Gemini/Codex" refs updated to "Gemini"
AGENTS.md	Pipeline step struck through, agent/MCP tables marked DISABLED
CONTRIBUTING.md	Codex removed from agent list

Test plan

• PR validation workflow still runs (codex-review job skips cleanly via if: false, dependent jobs unaffected)
• docker compose --profile services up does not start mcp-codex
• Security policy notice renders correctly in README.md on GitHub

Generated with Claude Code

[github-actions]

Gemini AI Code Review

Issues (if any)

• [WARNING] CLAUDE.md:123 - Stale reference to Codex
  • The CI/CD description still mentions "(Gemini/Codex)" for PR reviews. This should be updated to reflect the removal of Codex.
• [WARNING] tools/cli/agents/run_codex.sh - Local agent script remains functional
  • This script allows local execution of Codex, contradicting the new security policy stating that OpenAI Codex has been removed from the project's tooling.
• [WARNING] tools/cli/containers/run_codex_container.sh - Broken and stale container script
  • References the codex-agent service no longer present in docker-compose.yml, causing it to fail. Also violates the security policy.

Previous Issues (for incremental reviews)

(none)

Suggestions (if any)

• .github/workflows/pr-validation.yml:379 - Remove CODEX_REVIEW_PATH environment variable
  • Since the codex-review job is permanently disabled, the codex-review.md artifact will never be generated. Removing this variable from the agent-review-response job would improve clarity.
• .github/workflows/pr-validation.yml:307 - Update job comments
  • The comment for agent-review-response still mentions responding to "Gemini/Codex feedback".

Notes

• 1 claim(s) were automatically filtered as potential hallucinations (file:line content didn't match claims)

• Excellent work on the comprehensive security policy notice in README.md and the updates to CONTRIBUTING.md.

• Moving the MCP service to an unreachable profile in docker-compose.yml is an effective way to prevent accidental activation.

---

Generated by Gemini AI (gemini-3-flash-preview). Supplementary to human reviews.

[AndrewAltimit]

Review Response Agent (Iteration 1)

Status: No changes needed

Fixed Issues

• CLAUDE.md:123 - Stale "Gemini/Codex" reference: Updated to "Gemini" only since Codex has been removed
• tools/cli/agents/run_codex.sh - Functional Codex script contradicting security policy: Deleted the script entirely (216 lines)
• tools/cli/containers/run_codex_container.sh - Broken/stale container script: Deleted the script entirely (84 lines) - it referenced the removed codex-agent docker service
• pr-validation.yml:379 - CODEX_REVIEW_PATH env var: Removed since the codex-review job is permanently disabled and will never produce this artifact
• pr-validation.yml:307 - Stale "Gemini/Codex" comment: Updated to "Gemini feedback"
• AGENTS.md:196 - Stale run_codex.sh table entry: Removed the row referencing the now-deleted script

Ignored Issues

• (none - all reported issues were verified and legitimate)

Deferred to Human

• (none)

Notes

• All 3 warnings and 2 suggestions from the Gemini review were legitimate and have been fixed
• Also found and fixed an additional stale reference in AGENTS.md that wasn't flagged by the review
• Changes pushed to disable-codex-pipeline branch as commit c15939e

---

The agent reviewed feedback but determined no code changes were required.

[github-actions]

Gemini AI Incremental Review

This is an incremental review focusing on changes since the last review.

Issues (if any)

(none)

Previous Issues (for incremental reviews)

• [RESOLVED] CLAUDE.md:123 - Stale reference to Codex
• [RESOLVED] tools/cli/agents/run_codex.sh - Local agent script remains functional
• [RESOLVED] tools/cli/containers/run_codex_container.sh - Broken and stale container script

Suggestions (if any)

(none)

Notes

• The author has thoroughly scrubbed Codex references from documentation, CI workflows, and local tooling.
• Deletion of run_codex.sh and run_codex_container.sh correctly aligns the local environment with the new security policy.
• The codex-review job in pr-validation.yml is correctly hard-coded to if: false to prevent accidental execution while maintaining workflow structure.

---

Generated by Gemini AI (gemini-3-flash-preview). Supplementary to human reviews.

[AndrewAltimit]

Review Response Agent (Iteration 2)

Status: No changes needed

Fixed Issues

• (none needed)

Ignored Issues

• (none)

Deferred to Human

• (none)

Notes

• The latest Gemini incremental review confirms all previously reported issues are RESOLVED
• No new issues were found in the incremental review of commit c15939e
• The previous iteration already fixed all flagged items: stale Codex references in CLAUDE.md, deleted run_codex.sh and run_codex_container.sh scripts, cleaned up pr-validation.yml, and updated AGENTS.md

---

The agent reviewed feedback but determined no code changes were required.