This project is designed around a strict local boundary:
- The web UI sends structured JSON intents only.
- The Node server owns all child process spawning.
- Android commands are built as argv arrays with `shell: false`.
- The server binds to `127.0.0.1` by default.
- No Codex app patching.
- No Codex++ dependency.
- No private or undocumented Android APIs.
- No runtime code fetched from the network.
- No arbitrary filesystem writes from browser input.
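
A sketch of how a structured intent can be turned into an argv array and spawned with `shell: false`. This is an added example, not this project's code: it assumes the Android tool is `adb`, and the intent types (`tap`, `key`), field names and helper names are hypothetical. Token validation stays strict because `adb shell` joins its arguments and hands them to the device-side shell, so `shell: false` on the host alone does not stop metacharacters from being interpreted on the device.

```javascript
// Added example: hypothetical intent schema; assumes the Android tool is adb.
const SERIAL_RE = /^[A-Za-z0-9][A-Za-z0-9._:-]{0,63}$/; // serial or host:port
const KEYS = new Map([["home", "KEYCODE_HOME"], ["back", "KEYCODE_BACK"]]);

// Coordinates must be real integers in range, never strings from the browser.
function coord(v) {
  if (!Number.isInteger(v) || v < 0 || v > 10000) throw new Error("bad coordinate");
  return String(v);
}

// One builder per allowed intent; each emits tokens from validated fields only.
const BUILDERS = {
  tap: (i) => ["shell", "input", "tap", coord(i.x), coord(i.y)],
  key: (i) => {
    if (typeof i.key !== "string" || !KEYS.has(i.key)) throw new Error("unknown key");
    return ["shell", "input", "keyevent", KEYS.get(i.key)];
  },
};

function buildArgv(intent) {
  if (intent === null || typeof intent !== "object" || Array.isArray(intent)) {
    throw new Error("intent must be an object");
  }
  // Object.hasOwn keeps "constructor" or "__proto__" from resolving to a builder.
  if (typeof intent.type !== "string" || !Object.hasOwn(BUILDERS, intent.type)) {
    throw new Error("unknown intent type");
  }
  if (typeof intent.serial !== "string" || !SERIAL_RE.test(intent.serial)) {
    throw new Error("bad serial");
  }
  return ["-s", intent.serial, ...BUILDERS[intent.type](intent)];
}

// The server, never the browser, spawns the process; no host shell is involved.
function runIntent(intent) {
  const { spawn } = require("node:child_process");
  const argv = buildArgv(intent);
  return spawn("adb", argv, { shell: false, stdio: ["ignore", "pipe", "pipe"] });
}
```
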