
Privacy-First Design

CodexBar is designed with privacy as a core principle. All usage parsing happens locally on your device, the app never stores passwords, and the only data it sends anywhere is the authentication it needs to query the usage endpoints of the providers you enable.

On-Device Parsing

All data processing happens locally—no cloud services involved

Browser Cookies Opt-In

Cookie access is optional and requires explicit user permission

No Password Storage

CodexBar reuses existing sessions; passwords never touch the app

Minimal Data Access

Only reads known locations for enabled features

What CodexBar Reads

CodexBar does not crawl your filesystem. It only accesses a small set of known locations when related features are enabled:

Browser Cookies & Local Storage

  • When: You enable cookie-based providers (Cursor, Droid, Amp) and grant permission
  • What: Session cookies from Safari, Chrome, Firefox, Edge, Brave, or Arc
  • Why: To reuse your existing browser sessions without requiring separate login
  • Cached: Cookies are stored in Keychain and reused until invalid to minimize prompts

Local JSONL Logs

  • When: Cost tracking features are enabled for Codex or Claude
  • What: ~/.codex/sessions/**/*.jsonl and ~/.config/claude/projects/**/*.jsonl
  • Why: To calculate token costs over the last 30 days
  • Privacy: Logs are parsed locally; no data leaves your machine

CLI Credentials

  • When: You use CLI-based providers (Codex, Claude, Gemini, Kiro)
  • What: OAuth tokens or session files created by official provider CLIs
  • Why: To query usage data without requiring separate authentication

Local Configuration

  • When: Using providers with local probes (Antigravity, JetBrains AI)
  • What: Language server endpoints or IDE XML quota files
  • Why: To read usage data directly from running applications

See the audit notes in issue #12 for a detailed discussion of file access.

macOS Permissions Explained

CodexBar requests permissions only when necessary for specific features. Here’s what each permission is used for:

Full Disk Access (Optional)

Only required if you use Safari cookies for web-based providers (Codex web, Claude web, Cursor, Droid/Factory).
  • Why: Safari stores cookies in protected locations that require Full Disk Access
  • Alternative: Use Chrome/Firefox cookies or CLI-only sources instead
  • What we access: Safari’s Cookies.binarycookies and LocalStorage databases
  • What we don’t access: Any other files or directories
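To make "what we access" concrete, here is an added example (not CodexBar's code) that decodes Safari's Cookies.binarycookies format and keeps only the cookies a single provider host needs, which is the narrow slice a cookie-based provider would read. The layout is Safari's documented binary format: a "cook" magic, a big-endian page table, pages holding little-endian cookie records whose string offsets are record-relative, and expiry timestamps as little-endian doubles counted from 2001-01-01. The sample file is constructed in memory by build_binary_cookies, so the script runs without Full Disk Access or a real Safari profile; on current macOS versions the real file sits inside Safari's container at ~/Library/Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies, which is why Full Disk Access is needed to read it. The provider hostnames and cookie values below are made up.

```ruby
# Added example (not CodexBar's code): decode Safari's Cookies.binarycookies and keep
# only the cookies one provider host needs. The sample file is constructed below.
CF_EPOCH = Time.utc(2001, 1, 1) # Safari stores timestamps as seconds since this epoch
COOKIE_HDR = 56                  # fixed cookie fields; the NUL-terminated strings follow

# flags: bit 1 = Secure, bit 4 = HttpOnly
SafariCookie = Struct.new(:domain, :name, :path, :value, :flags, :expires)

# File layout: "cook", big-endian page count, big-endian page sizes, pages, 8-byte trailer.
def parse_binary_cookies(data)
  raise ArgumentError, 'not a binarycookies file' unless data.byteslice(0, 4) == 'cook'
  n_pages = data.byteslice(4, 4).to_s.unpack1('N') or raise ArgumentError, 'truncated header'
  sizes = data.byteslice(8, 4 * n_pages).to_s.unpack('N*')
  raise ArgumentError, 'truncated page table' unless sizes.length == n_pages
  off = 8 + 4 * n_pages
  cookies = []
  sizes.each do |size|
    page = data.byteslice(off, size)
    raise ArgumentError, 'truncated page' unless page && page.bytesize == size
    off += size
    # Page layout: 00 00 01 00, LE cookie count, LE page-relative cookie offsets, 4 zero bytes, records.
    raise ArgumentError, 'bad page header' unless size >= 12 && page.byteslice(0, 4) == "\x00\x00\x01\x00".b
    n = page.byteslice(4, 4).unpack1('V')
    raise ArgumentError, 'offset table overruns page' if 12 + 4 * n > size
    page.byteslice(8, 4 * n).unpack('V*').each { |start| cookies << parse_cookie(page, start) }
  end
  cookies
end

# Record layout: size, unknown, flags, unknown, then domain/name/path/value offsets (record-relative)
# as LE uint32, an 8-byte end marker, then expiry and creation as LE doubles.
def parse_cookie(page, start)
  hdr = page.byteslice(start, COOKIE_HDR)
  raise ArgumentError, 'cookie header out of range' unless hdr && hdr.bytesize == COOKIE_HDR
  size, _, flags, _, *offsets, expiry, _created = hdr.unpack('V8x8EE')
  raise ArgumentError, 'cookie record out of range' if size < COOKIE_HDR || start + size > page.bytesize
  rec = page.byteslice(start, size)
  domain, name, path, value = offsets.map do |o|
    raise ArgumentError, 'string offset out of range' if o < COOKIE_HDR || o >= size
    s = rec.byteslice(o, size - o)
    (nul = s.index("\x00".b)) ? s.byteslice(0, nul) : s
  end
  SafariCookie.new(domain, name, path, value, flags, CF_EPOCH + expiry)
end

# Only unexpired cookies whose domain covers the provider host are returned: the narrow slice a
# web provider needs. Everything else in the file is left alone.
def cookies_for_host(cookies, host, now = Time.now)
  cookies.select do |c|
    d = c.domain.delete_prefix('.')
    (host == d || host.end_with?('.' + d)) && c.expires > now
  end
end

# Builds a one-page file in the same layout. It exists only to construct the sample for this
# example; a real file comes from Safari.
def build_binary_cookies(cookies)
  recs = cookies.map do |c|
    strs = [c.domain, c.name, c.path, c.value].map(&:b)
    size = COOKIE_HDR
    offsets = strs.map { |s| o = size; size += s.bytesize + 1; o }
    [size, 0, c.flags, 0, *offsets].pack('V8') + ("\x00" * 8).b +
      [c.expires - CF_EPOCH, 0.0].pack('EE') + strs.map { |s| s + "\x00".b }.join
  end
  start = 12 + 4 * recs.length
  offsets = recs.map { |r| o = start; start += r.bytesize; o }
  page = "\x00\x00\x01\x00".b + [recs.length, *offsets].pack('V*') + ("\x00" * 4).b + recs.join
  'cook'.b + [1, page.bytesize].pack('NN') + page + ("\x00" * 8).b
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2025, 1, 1) # constructed sample: two hosts, one expired cookie
  sample = build_binary_cookies([
    SafariCookie.new('.provider.example', 'session', '/', 'abc123', 5, now + 86_400),
    SafariCookie.new('.other.example', 'id', '/', 'xyz', 0, now + 86_400),
    SafariCookie.new('.provider.example', 'stale', '/', 'old', 1, now - 60)
  ])
  cookies_for_host(parse_binary_cookies(sample), 'app.provider.example', now).each do |c|
    puts "#{c.domain} #{c.name}=#{c.value} flags=#{c.flags} expires=#{c.expires.utc}"
  end
end
```

Every offset is bounds-checked against the page and record it lives in before it is dereferenced; a cookie store is attacker-influenced input (any site can set a cookie), so a parser that trusts the offsets is an easy crash or out-of-bounds read in whatever runs it with Full Disk Access.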

Keychain Access (Prompted by macOS)

CodexBar uses Keychain to securely store and retrieve credentials:
  • Chrome Safe Storage: Required to decrypt Chrome cookies
  • Also applies to: Brave, Edge, Arc (Chromium-based browsers)
  • Firefox: Direct access; no decryption key needed
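To show what the "Chrome Safe Storage" Keychain item actually unlocks, here is an added example (not CodexBar's code) that reproduces Chromium's cookie encryption on macOS: the Keychain password is stretched with PBKDF2-HMAC-SHA1 (salt "saltysalt", 1003 iterations, 16-byte key), and each encrypted_value in the profile's Cookies database is the tag "v10" followed by AES-128-CBC ciphertext under a fixed IV of sixteen spaces. The same derivation covers Brave, Edge and Arc, each with its own Keychain item name. The password and cookie values are constructed, and encrypt_chrome_cookie exists only to build the sample. The handling of a 32-byte SHA-256 of the cookie's host that newer Chrome builds prepend to the plaintext is an assumption to verify against the Chrome version you target.

```ruby
require 'openssl'
require 'digest'

# Added example (not CodexBar's code): what the "Chrome Safe Storage" Keychain item unlocks.
# The constants are the ones Chromium's macOS OSCrypt uses.
CHROME_SALT = 'saltysalt'
CHROME_ITERATIONS = 1003
CHROME_KEY_LEN = 16
CHROME_IV = ' ' * 16   # fixed CBC IV of sixteen spaces
CHROME_PREFIX = 'v10'  # version tag in front of the ciphertext in encrypted_value
HOST_HASH_LEN = 32     # assumption: newer Chrome builds prepend SHA-256(host_key) to the plaintext

# PBKDF2-HMAC-SHA1 of the Keychain password. This derivation is the only reason reading Chrome
# cookies needs a Keychain prompt; nothing else in the profile is touched for the key.
def chrome_cookie_key(safe_storage_password)
  OpenSSL::KDF.pbkdf2_hmac(safe_storage_password, salt: CHROME_SALT, iterations: CHROME_ITERATIONS,
                           length: CHROME_KEY_LEN, hash: 'sha1')
end

# Decrypt one encrypted_value blob from the profile's Cookies SQLite table.
def decrypt_chrome_cookie(key, blob, host_key: nil)
  raise ArgumentError, 'not a v10-encrypted value' unless blob.start_with?(CHROME_PREFIX)
  ct = blob.byteslice(CHROME_PREFIX.bytesize, blob.bytesize)
  raise ArgumentError, 'ciphertext is not whole AES blocks' if ct.empty? || ct.bytesize % 16 != 0
  cipher = OpenSSL::Cipher.new('aes-128-cbc').decrypt
  cipher.key = key
  cipher.iv = CHROME_IV
  plain = cipher.update(ct) + cipher.final # final raises OpenSSL::Cipher::CipherError on bad padding
  # Strip the host hash only when it matches: a mismatch means the value was moved between hosts.
  if host_key && plain.bytesize >= HOST_HASH_LEN &&
     plain.byteslice(0, HOST_HASH_LEN) == Digest::SHA256.digest(host_key)
    plain = plain.byteslice(HOST_HASH_LEN, plain.bytesize)
  end
  plain
end

# Produces a blob in the same layout. Used here only to construct sample values; Chrome itself
# writes the real ones.
def encrypt_chrome_cookie(key, value, host_key: nil)
  cipher = OpenSSL::Cipher.new('aes-128-cbc').encrypt
  cipher.key = key
  cipher.iv = CHROME_IV
  body = (host_key ? Digest::SHA256.digest(host_key) : ''.b) + value.b
  CHROME_PREFIX.b + cipher.update(body) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  key = chrome_cookie_key('constructed-safe-storage-password') # constructed, not a real Keychain value
  blob = encrypt_chrome_cookie(key, 'sess=abc123', host_key: '.provider.example')
  puts "encrypted_value: #{blob.unpack1('H*')}"
  puts "decrypted:       #{decrypt_chrome_cookie(key, blob, host_key: '.provider.example')}"
end
```

The Keychain item itself can be read with `security find-generic-password -s "Chrome Safe Storage" -w`, which triggers the same prompt the app does. The derived key is computed on the machine and never needs to leave it; only the resulting session cookie is sent, and only to that provider.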

Provider Credentials

  • Claude OAuth: Reads Claude Code-credentials written by Claude CLI
  • z.ai API token: Stored from Settings → Providers
  • Copilot token: Stored during GitHub device flow
  • OpenRouter API token: Stored from provider configuration

Cookie Cache

  • Account: com.steipete.codexbar.cache
  • Items: cookie.<provider> entries
  • Purpose: Reuse browser cookies without repeated Keychain prompts

Preventing Keychain Prompts

To stop Keychain Access alerts:
  1. Open Keychain Access.app: launch it from Applications → Utilities
  2. Find the item: search for the keychain item (e.g., “Claude Code-credentials” or “Chrome Safe Storage”)
  3. Edit access control: double-click the item → Access Control tab
  4. Add CodexBar: click the + button and add CodexBar.app to “Always allow access by these applications”
  5. Save and relaunch: click Save Changes and restart CodexBar

Prefer adding just CodexBar to the access list. Avoid “Allow all applications” unless you want every application on the system to be able to read the item.
Keychain Access Control Example

Files & Folders Prompts

CodexBar launches provider CLIs (codex, claude, gemini, antigravity) which may trigger folder access prompts:
  • Why: If a CLI reads a project directory or external drive, macOS asks CodexBar for permission
  • Example: Desktop folder access when codex operates in ~/Desktop/project
  • Not: Background disk scanning—these prompts are driven by CLI working directories

Permissions We Don’t Request

CodexBar does not require:
  • Screen Recording
  • Accessibility access
  • Automation permissions
  • Camera or microphone
  • Location services

No Passwords Stored

CodexBar never asks for or stores passwords:
  • Browser cookies: Reuses your existing authenticated sessions
  • OAuth flows: Handled by official provider CLIs (Claude, Copilot, Gemini)
  • API tokens: You provide tokens generated from provider dashboards
  • CLI authentication: Leverages credentials you’ve already set up with official tools

Disabling Keychain Access

If you prefer not to grant Keychain access:
  1. Open Settings → Advanced
  2. Enable “Disable Keychain access”
  3. Manually paste Cookie headers in Settings → Providers for web-based providers

Claude OAuth and z.ai API token features won’t work without Keychain. Disabling Keychain access limits functionality for providers that require secure credential storage.

Data Transmission

CodexBar communicates with provider APIs only to fetch usage data:
  • What’s sent: Authentication tokens or cookies (same as your browser/CLI)
  • What’s received: Usage limits, credits, reset times, and status information
  • What’s not sent: Code, files, or any data unrelated to usage queries
  • No telemetry: CodexBar doesn’t collect analytics or usage statistics about you

Open Source Transparency

CodexBar is fully open source under the MIT license:
  • Source code: github.com/steipete/CodexBar
  • Audit the code: Review exactly what the app does and doesn’t do
  • Community review: Security researchers and developers can inspect the implementation
  • Build from source: Compile your own copy if you prefer

Multi-Provider Support

See authentication methods for all providers

Menu Bar Interface

Learn about the menu bar visualization
