Analysis updated 2026-06-24
Route only the Codex desktop app through a Clash proxy without affecting other apps
Fix WebSocket reconnect loops in Codex when system proxy misses non-HTTP traffic
Avoid enabling Clash TUN mode globally on macOS
| sirfetch-d/codex-proxy | 1061700625/github_vps | ganimjeong/harness-for-codex | |
|---|---|---|---|
| Stars | 35 | 38 | 31 |
| Language | Shell | Shell | Shell |
| Setup difficulty | easy | moderate | easy |
| Complexity | 2/5 | 2/5 | 2/5 |
| Audience | developer | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Needs a Clash-compatible client already running locally on port 7890.
codex-proxy is a small macOS shell script that launches OpenAI's Codex desktop app with a proxy configuration applied, so that all of Codex's network traffic, including WebSocket connections, flows through a local Clash proxy. Clash is a popular proxy client used in mainland China and elsewhere to route traffic through custom rules and remote servers. The motivation is specific. On macOS with Clash running, system-level proxy settings only catch HTTP traffic by default. WebSocket connections do not go through the system proxy unless Clash's TUN mode is enabled. TUN mode creates a virtual network interface that captures all traffic for the whole machine, but it is global, so it affects every app, not just Codex. The Codex desktop app uses WebSocket for two things: the remote-connection feature that lets the ChatGPT mobile app talk to the desktop, and its preferred low-latency channel to OpenAI's backend. When WebSocket cannot reach OpenAI, the README notes that Codex shows Reconnecting 1/5 through 5/5, waiting about 15 seconds per retry, before falling back to plain HTTP. The cumulative wait can reach 75 seconds or more. codex-proxy sidesteps the global TUN approach. It launches Codex.app with HTTP_PROXY, HTTPS_PROXY, and ALL_PROXY environment variables set to point at the Clash listener (default 127.0.0.1:7890). Because these environment variables are inherited only by the Codex process, only Codex's traffic goes through the proxy. Every other GUI app on the machine keeps its original network configuration. Usage is five subcommands: codex-proxy start launches the app with proxy variables set, after first killing any existing Codex process so there is no leftover non-proxied instance, and stop, restart, status, and log do what they say. Logs are written to ~/Library/Logs/codex-proxy.log. Configuration is through environment variables you can put in your .zshrc: CODEX_APP for a custom app path, CODEX_HTTP_PROXY, CODEX_ALL_PROXY for a SOCKS5 endpoint, and CODEX_NO_PROXY for hosts that should bypass the proxy. The prerequisites are macOS, any Clash-compatible client like Clash, Clash Verge, or ClashX, and the default Clash port 7890. The license is MIT.
macOS shell script that launches the OpenAI Codex desktop app with HTTP and SOCKS proxy variables set, so only Codex traffic routes through Clash.
Mainly Shell. The stack also includes Shell, macOS, Clash.
MIT license, use, modify, and redistribute freely as long as you keep the copyright notice.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.