A recipe in Poke, a bridge on your machine.
Pokedex does not move your repository into Poke. It gives Poke a typed MCP recipe and keeps Codex running locally against configured workspaces.
1 · Recipe + tunnel
You add the Pokedex recipe to Poke. The CLI starts npx poke@latest tunnel so Poke can reach the local MCP endpoint.
- "Is Pokedex connected?"
- "In workspace main, review current changes."
2 · Pokedex relay
The relay listens locally, validates the bearer token, exposes the pokedex_* tools, and forwards tool calls.
- Runs on 127.0.0.1
- Defaults to port 3000
- Does not work on files directly
3 · Agent + Codex
The local agent connects to the relay, checks workspace and sandbox policy, then talks to codex app-server.
- Uses configured workspace aliases
- Runs Codex on your machine
- Returns tool results, events, diffs, and usage
Poke gets typed tools, not the keys
Pokedex narrows what Poke can ask for. The recipe can call MCP tools, but the local config controls which workspaces and access modes are allowed.
Clean names in Poke, real folders in config
The first run stores the current folder as main. Add more aliases from the local prompt or by editing the JSONC config.
{
  "workspaces": [
    {
      "alias": "main",
      "root": "/home/user/project",
      "description": "main workspace",
      "allowWrite": false,
      "allowFullAccess": false,
      "defaultSandbox": "read_only"
    }
  ]
}
──────────────────
main · read only
you ▸ In workspace main, summarize the app.
real paths stay in the local config
Read-only first, writes by opt-in
Pokedex refuses write and full-access requests unless both the global setting and the selected workspace allow that mode.
read_only
Codex can inspect and answer, but cannot write files.
workspace_write
Allows writes only when the agent and workspace both allow it.
danger_full_access
Requires explicit full-access gates in local config. Treat the name as the warning.
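The two-gate rule described above, as an added sketch that is not Pokedex's own code. The workspace fields match the config shown on this page; the global block, its key names, the second workspace and the resolveSandbox function are assumptions made for the illustration.

```javascript
// Added example: hypothetical two-gate sandbox check, not Pokedex's own code.
// Workspace fields mirror the config shown on this page; the `global`
// block and its key names are assumptions made for this sketch.
const MODES = ["read_only", "workspace_write", "danger_full_access"];

// Which flag must be true at BOTH levels for each mode (null = no gate).
const GATE = {
  read_only: null,
  workspace_write: "allowWrite",
  danger_full_access: "allowFullAccess",
};

function resolveSandbox(config, alias, requestedMode) {
  // Requests name an alias only; the real root is looked up locally.
  const ws = config.workspaces.find((w) => w.alias === alias);
  if (!ws) return { ok: false, reason: "unknown workspace alias" };

  const mode = requestedMode ?? ws.defaultSandbox;
  if (!MODES.includes(mode)) return { ok: false, reason: "unknown sandbox mode" };

  const flag = GATE[mode];
  if (flag !== null) {
    // Strict `=== true` so a missing or mistyped key fails closed.
    if (config.global?.[flag] !== true)
      return { ok: false, reason: `${mode} disabled globally` };
    if (ws[flag] !== true)
      return { ok: false, reason: `${mode} disabled for workspace ${alias}` };
  }
  return { ok: true, mode, root: ws.root };
}

// Constructed sample config: writes are enabled globally but only for "scratch".
const sampleConfig = {
  global: { allowWrite: true, allowFullAccess: false },
  workspaces: [
    { alias: "main", root: "/home/user/project", allowWrite: false,
      allowFullAccess: false, defaultSandbox: "read_only" },
    { alias: "scratch", root: "/home/user/scratch", allowWrite: true,
      allowFullAccess: true, defaultSandbox: "workspace_write" },
  ],
};

console.log(resolveSandbox(sampleConfig, "main", "workspace_write"));
console.log(resolveSandbox(sampleConfig, "scratch", undefined));
console.log(resolveSandbox(sampleConfig, "scratch", "danger_full_access"));
```

The third call is refused even though the workspace sets allowFullAccess, because the global gate is off; either gate alone is enough to block the mode.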