Hi,
I’m building an open-source developer tool called spark-banana (GitHub: nyosegawa/spark-banana) — a browser-based UI overlay for local development that lets you click an element in the browser, describe a fix, and route the task to Codex via its MCP server mode.
Architecture:
The bridge server (spark-bridge) spawns codex mcp-server as a stdio child process and communicates with it via the official MCP SDK (@modelcontextprotocol/sdk), calling the codex tool through client.callTool().
Browser (overlay) → spark-bridge (WS) → codex mcp-server (stdio/MCP) → Files updated
Key details (see packages/bridge/src/codex-mcp.ts):
-
StdioClientTransportwithcommand: 'codex', args: ['mcp-server'] -
sandbox: 'workspace-write',approval-policy: 'on-request' -
Approval requests are forwarded to the browser UI (not auto-approved)
-
Users authenticate Codex CLI themselves; spark-banana does not handle or redistribute any credentials
Question:
The Terms of Use include:
You may not: “Automatically or programmatically extract data or Output.”
At the same time, the Codex documentation describes codex mcp-server as a supported way to “connect from any MCP client,” and codex exec is designed for scripted workflows.
Does the above clause apply to third-party tools that consume codex mcp-server on the user’s local machine using the official MCP SDK? To my knowledge there are no other third-party tools publicly doing this, so I’d appreciate any clarification before wider distribution.
Thanks!