Opt-in
Nothing is projected until you ask for the extra view. It stays local and off by default.
Limits
I built it to make risk visible, not to manufacture confidence. The final answer still needs tests, a real browser, and your own read of the situation.
What it won't fake
Privacy and state
The helper script keeps session scaffolds, estimates, prompts, outputs, stats, history,
and alter overrides in plugin-local state. Before you publish a repo, make sure
.codex-council/ is gitignored and uncommitted.
# Check for local runtime artifacts before publishing.
git status --short
find . -name '.codex-council' -o -name '.DS_Store' -o -name '__pycache__'
Decision Runtime safety
Nothing is projected until you ask for the extra view. It stays local and off by default.
Unknown or unhealthy shadow state is ignored; the original session and verdict remain usable.
Shadow data is local state, not encrypted proof. Treat it with the same care as the source session.
Where it comes from
The pattern comes from karpathy/llm-council and llm-council.dev: ask several independent models, anonymize the answers, rank them, then synthesize a final one. Codex Council keeps that shape but runs it through Codex roles, local scoring, token estimates, and optional browser evidence.