Investigate Codex web helper PoC

[bemaru]

Summary

• Documents the security boundary for a possible Codex web helper source.
• Records initial discovery that Codex web is under chatgpt.com and unauthenticated requests hit Cloudflare challenge.
• Adds a minimal scripts/codex-web-helper.ps1 PoC with status, login, and reset only.
• Keeps the PoC script out of release build output and release packages until the web payload is manually verified.
• Adds a manual DevTools checklist for verifying whether a sanitized Codex usage payload exists.

Security boundary

The PoC does not read cookies, decrypt browser storage, call authenticated OpenAI endpoints, or write Codex usage snapshots. login only opens https://chatgpt.com/codex in a dedicated local browser profile.

Verification

• PowerShell source script status passed.
• PowerShell source script reset passed.
• PowerShell source script login opened the dedicated profile and wrote login_browser_opened status.
• MSBuild Release x64 passed locally.
• Verified build/x64/Release/plugins/ClaudeUsagePlugin/codex-web-helper.ps1 is not present after build.
• Subagent security/privacy review found no P0/P1/P2 blockers for draft PoC state.
• Subagent packaging/docs review found no blockers after keeping the PoC outside release assets.

Remaining manual check

A user must sign in inside the helper browser profile and inspect DevTools Network manually. Only sanitized endpoint names and response field names should be recorded. Do not copy cookies, authorization headers, session tokens, prompts, or private repository data.

Future work questions from #7:

• Does a JSON payload expose 5-hour and weekly usage percentages plus reset timestamps?
• How are workspace or organization selection represented?
• What error states are needed for login expired, access denied, Cloudflare/challenge, and payload-shape changes?
• Where should sanitized endpoint and response-field findings be recorded before any automation is added?

Related

Closes no issue yet. Continues #7.