Skip to content

cicdoo/codexoo

CICDoo

Codexoo

Chat with your Odoo — safely.

Deploy on CICDoo Get Support Sponsor

An in-Odoo AI assistant powered by the OpenAI Codex CLI. It answers questions, queries your data, and builds reports — running as the logged-in user, never as superuser, with a full audit trail.

License: LGPL-3.0 Odoo PR checks PRs Welcome

Quick start · Security model · Configuration · Commercial support · Roadmap


Why Codexoo?

Most "AI for Odoo" add-ons either ship your data to a third-party prompt or hand the model a superuser connection and hope for the best. Codexoo is built the other way around — security first:

Codexoo
🔒 Runs as the user Every ORM action executes with su=False, so the user's ir.model.access rights and record rules are enforced automatically. The model can never see or do more than the person using it.
🧮 Read-only SQL, really sql_select is double-guarded: a SELECT-only text validator (no stacked statements, row locks, or dangerous functions) and Postgres SET TRANSACTION READ ONLY + a statement timeout. Gated to a dedicated AI SQL Analyst group.
🧾 Full audit log Every tool call — model, method, SQL, row counts, outcome, even denials — is written to an immutable log on a separate committed cursor, so it survives rollbacks.
🔑 Per-user login, no shared key Each user clicks Login with ChatGPT and authorizes with their own subscription via the Codex device-code flow. Credentials are stored per user in a private CODEX_HOME, mode 0600, never in the database, never echoed back.
🚫 Sandboxed engine, no surprises Codex runs in a read-only sandbox with approvals disabled, so the model cannot touch the shell, filesystem, or network on its own. The authoritative boundary is server-side: the model can affect Odoo only through a small set of tools over a loopback bridge that holds no database credentials.
Streaming UX Replies and tool "chips" stream into the chat in real time over the Odoo bus.

If you sell or run Odoo for clients, the security posture is the feature: you can give business users a natural-language window into their ERP without widening anyone's access by a single record.


🏗 How it works

OWL chat UI ──/codexoo/send (auth=user)──► Odoo worker ──► daemon thread
   ▲ bus stream (deltas, tool chips)                          │ spawns
   │                          codex exec --json (ChatGPT login, read-only sandbox)
   │                          tool surface = mcp__odoo__* ONLY
   │                                       │ stdio MCP
   │                                       ▼
   │               bridge/mcp_server.py  (no DB creds, loopback only)
   │                                       │ Bearer(session token)
   └──── bus.bus ◄── controllers/tools.py (auth='codexoo_bridge', runs AS the user) ──► Postgres
  • Only Odoo touches the database. The CLI subprocess and the MCP forwarder hold no credentials — only a short-lived, session-scoped HMAC bearer token.
  • The bridge is reachable on loopback only; the codexoo_bridge auth method rejects any non-local caller and rebinds the request to the session's user (su=False).
  • Codex itself is launched in a read-only sandbox with approvals disabled, so it cannot escape to the host; its only path to your data is the mcp__odoo__* tool surface.

🚀 Quick start

Requirements

  • Odoo 18.0
  • The OpenAI Codex CLI installed on the Odoo server (set its path via the codexoo.cli_path / codexoo.cli_glob system parameter; auto-detected if blank).
  • A ChatGPT subscription per user (device-code login) — no API key required.

Install

# Put the module on your addons_path (the repo is the module folder),
# then install it:
odoo-bin -c odoo.conf -d <your-db> -i codexoo --stop-after-init
# Restart your live server afterwards (Odoo does not re-import changed Python).

First run

  1. Open the Codexoo app from the top menu.
  2. Click Login with ChatGPT and complete the device-code login in your browser.
  3. Ask away: "How many sale orders are still in draft this month?"

Grant the AI SQL Analyst group to users who should be able to run read-only SQL reports, and AI Assistant Manager to those who configure it and read the audit log.


🔐 Security model

Codexoo treats LLM output as untrusted and defends accordingly:

  • Never superuser. Tool endpoints abort if request.env.su is true.
  • ACLs + record rules apply to every read and write, because the call runs as the user.
  • Writes are opt-in. Read tools are the default; each write tool (orm_create/write/unlink, orm_action, run_wizard, run_server_action) must be granted per user, and zero-trust mode strips them entirely.
  • SQL can only read. See the guard above.
  • Read-only sandbox. Codex runs with approvals disabled and no host write/network access; the server-side bridge + per-user ACLs are the authoritative boundary.
  • Capability tokens expire, are session-scoped, single-jti, and HMAC-signed with the database secret.

See SECURITY.md for the full threat model and how to report a vulnerability.


⚙️ Configuration

Settings → Codexoo (or System Parameters codexoo.*):

Parameter Purpose
cli_path / cli_glob Path (or glob) to the Codex CLI binary (auto-detected if blank)
model Codex model id (blank = your account's default model)
max_turns, timeout_s Per-turn limits
home_root, scratch_root Per-user CODEX_HOME and CLI scratch directories
base_url Loopback URL the bridge calls back on
sql_enabled Master switch for sql_select
zero_trust_default Global default for read-only (zero-trust) mode
python_bin Interpreter used to run the bundled bridge scripts (defaults to Odoo's)

Permissions / groups

  • AI Assistant User — can use the chat (ORM reads).
  • AI SQL Analyst — additionally may run sql_select.
  • AI Assistant Manager — configuration + audit log; sees all sessions.

🧪 Tests

odoo-bin -c odoo.conf -d <db> -i codexoo --test-enable --test-tags codexoo --stop-after-init

Covers the SQL guard, bridge-token mint/verify, the tool-access policy, the codexoo_bridge auth method, and the audit log. CI runs them on every push and PR.


💼 Commercial support

Codexoo is free and open source (LGPL-3.0) and always will be. It is built and maintained by CICDoo, who also offer:

  • 🚀 Managed deployment & hosting — Codexoo running securely on your Odoo, you manage your business and we manage your infrastructure
  • 🛟 Priority support & SLAs for production rollouts.
  • 🧩 Custom tools & integrations — extend the safe tool surface to your models and workflows.
  • 📜 Commercial license for organizations that cannot adopt LGPL terms — modify Codexoo and keep your changes private, embed it in a closed product, or get warranty/indemnification. See COMMERCIAL_LICENSE.md.
  • 🎓 Training & security review for teams enabling AI access to their ERP.

👉 Get in touch: sam@cicdoo.com · cicdoo.com

If Codexoo saves your team time, consider sponsoring its development.


🗺 Roadmap

  • Approval-gated orm_create/orm_write/orm_unlink with before→after diff cards
  • An admin allow/deny policy model for tools and models
  • A dedicated ai_sql_ro Postgres role + view scoping
  • Tighter OS-level sandboxing of the CLI subprocess
  • Per-session rate and tool budgets

Have an idea? Open a feature request or a PR — see CONTRIBUTING.md.


🙌 Acknowledgements

Codexoo wraps OpenAI's Codex CLI. "Codex", "OpenAI", and "ChatGPT" are trademarks of OpenAI. Codexoo is an independent, community project and is not affiliated with or endorsed by OpenAI.

📄 License

Codexoo is dual-licensed — choose whichever fits you:

  • 🆓 Open source: GNU LGPL-3.0-or-later. Free for any use, including on both Odoo Community and Enterprise; modifications to Codexoo's own files stay under the LGPL.
  • 💼 Commercial: a proprietary-friendly license from CICDoo that lifts the LGPL obligations (keep modifications private, embed in closed products, warranty/SLA). See COMMERCIAL_LICENSE.md · license@cicdoo.com.

SPDX-License-Identifier: LGPL-3.0-or-later OR LicenseRef-Codexoo-Commercial

© 2026 CICDoo

About

No description, website, or topics provided.

Resources

License

Code of conduct

Contributing

Security policy

Stars

9 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors