WebSocket API

Bridge and relay protocol notes

FlyDex is not publishing a full public SDK here. This page documents the observable relay surfaces and lifecycle milestones operators need for troubleshooting or architecture review.

Reference map

Public docs sections

Authentication

Account auth, QR claims, local-connect tokens, and machine continuity.

Agent control

Thread access, send/resume turns, and remote approvals.

WebSocket API

Bridge lifecycle, documented endpoints, and status model.

Security

Threat model, data boundaries, and transport safeguards.

Architecture

Control plane, connector, and local Codex runtime topology.

Examples Competitive comparison

Documented endpoints

Known public and localhost surfaces

SurfaceEndpointPurpose
Local helperGET /v1/healthReadiness and presence check on localhost.
Local helperPOST /v1/connectStarts local connector session work once the browser and cloud side are ready.
Control planePOST /api/local-connect/startStarts the authenticated local-connect lifecycle.
Control planePOST /api/local-connect/:id/agent-statusLets the connector report lifecycle status transitions back to the control plane.
 
created
-> awaiting_browser_finalize
-> codex_ready

Operational note

How the event path behaves

Modern FlyDex clients send shard hints such as user and machine identifiers so the worker can route authenticated traffic directly to the right per-user durable object shard on the hot path.

Phone / Browser threads, prompts, approvals FlyDex Control Plane auth, pairing, routing, audit short-lived claims + machine scope TLS + authenticated relay Local Connector localhost only 127.0.0.1:48163 /v1/health and /v1/connect Codex local runtime QR claim + account auth relay session local IPC

Updated 2026-03-16. FlyDex keeps Codex local to your machine while exposing a remote operating layer.

Docs Comparison Security Privacy