for codex users

Codex writes the code. You approve the Git.

Codex proposes every Git operation over MCP and nothing runs until you approve it in FluxGit. You see the exact diff, a risk level and a restore point first, and one click undoes anything you approved.

macOS today, Windows & Linux by invite · free for public repos · works with any MCP host

Real interface · synthetic demo data

The 60-second setup.

Three steps. Every command below comes straight from the README of the open-source MCP server, so what you paste is what actually ships.

step 1install

Install FluxGit

Download the desktop app for macOS; Windows and Linux builds are by invite during the beta. This is where the approval cards appear. If you only want the free read-only shell without the app, one command puts fluxgit-mcp-sidecar on your PATH:

cargo install --git https://github.com/fluxgit-hq/fluxgit-mcp-server fluxgit-mcp-sidecar
step 2connect

Connect Codex over MCP

Codex is not on FluxGit's one-click detected list, so I will not pretend it is. If your Codex setup speaks the Model Context Protocol, it connects like any MCP-compatible host: add the generic block below to your host's MCP config. It is the same block the mirror README documents, so what you paste is what actually ships:

{
  "mcpServers": {
    "fluxgit": {
      "command": "/absolute/path/to/fluxgit-mcp-sidecar",
      "env": {
        "FLUXGIT_GATEWAY_ADDR": "127.0.0.1:14660",
        "FLUXGIT_MCP_AUDIT_LOG": "/optional/path/to/audit.jsonl"
      }
    }
  }
}

FLUXGIT_GATEWAY_ADDR unlocks the FluxGit-powered tools and the approval loop; without it, the free read-only tier still works. FLUXGIT_MCP_AUDIT_LOG is optional and writes an append-only audit file. The FluxGit app pre-fills the absolute sidecar path and gateway address under Settings, Agents / MCP, Quick Connect for you to copy.

step 3first approval

Ask Codex to do something with Git

Tell Codex to "commit what you changed". Codex calls repo.brief to orient itself, then sends operation.preview.commit with its reason and the exact files it wants to stage. A card appears in FluxGit; you read it and click Approve or Reject. That is the whole loop.

What changes for you.

no surprisespropose

It asks first

No more discovering a reset after it already happened. Every Git write Codex wants arrives as a card with a plain-language reason, the exact diff, a risk level and a restore point captured before anything runs.

recoveryundo

Undo anything

Approved a batch and regret it? The completed card offers one-click undo through the guarded reset flow, and every approval keeps its restore point in the Safety Timeline.

contextrepo.brief

It saves Codex's context

Orienting in a repo through raw git output cost 1,886 tokens on a 44-commit test repo; one repo.brief call answered the same questions in 607. Measured, not estimated. That is context Codex keeps for your actual task.

Honest answers.

pricing

Is it free?

Public repositories are free. A $39 founder license, one-time, adds private, self-hosted and local-only repos. The MCP shell itself is open source under Apache-2.0.

other agents

Does it only work with Codex?

No. FluxGit speaks the open Model Context Protocol, so any MCP host connects the same way: Claude Code, Cursor, or whatever you switch to next. Claude Code and Cursor are one-click detected hosts today; Codex uses the generic config above. Nothing in the setup is Codex-specific.

security

Can the agent bypass approval?

No. The MCP server exposes no write capability at all; every mutation is a proposal, and the only path to a Git write is your click in the desktop app. That is construction, not policy.

git skills

What if I don't know Git well?

That is the point. The card explains what the operation does in plain terms, flags the risk, and shows the way back before you approve. You learn Git by reviewing real decisions instead of memorizing commands.

I built FluxGit so the machine asks first. If you want the full tool surface and the wire contract, the MCP feature page has all of it.

FluxGit is an independent product, not affiliated with OpenAI.