# dexgate Codex Adapter One-Pager

## Purpose
Provide a concise overview of the dexgate Codex adapter as a standalone local hard gate with an upgrade path to SDE-backed paid pilot governance.

## Audience
- Engineering teams evaluating safer Codex usage
- Security and assurance reviewers
- Enterprise evaluators of governed coding workflows

## Free Standalone Mode (public beta · mature)
The Codex adapter starts as a useful standalone local hard gate (**developer-free**):

- Allow read-only / constrained shell through `functions.shell_command`
- Allow **limited** `functions.apply_patch` for local edits
- Allow `functions.update_plan` and `functions.view_image`
- Block high-consequence mutation such as `git commit` / `git push` (upgrade CTA)
- No Passport; expect free baseline check output (`governed: false` / `source: local-hardening`)

## Paid Pilot Mode (early access)
In paid mode, the adapter sends normalized requests to the customer-hosted SDE PDP and receives allow / deny / constrain decisions with Passport-shaped evidence when entitled.

Also available on validated paths:
- Live destructive-action governance (not mock-PDP-only)
- Stable reason codes and governed traces
- Explicit readonly **governance-gap** signaling when the host lacks a pre-execution hook

## Current Claim Boundary
- Commercial posture: **public beta adapters**; paid runtime is **early access / pilot** (not generally available production for all customers)
- Compatibility matrix labels such as `CERTIFIED_ENFORCED` are **internal validation scope** for declared version/runtime rows only—not a general production guarantee
- Supporting evidence includes controlled host coverage; additional Linux validation may support a declared row without expanding commercial posture

## Why Teams Use It
- Reduce accidental production-bound mutation during evaluation
- Keep early Codex usage useful (limited local edit) without opening unrestricted shell
- Add shared PDP monitor/record and Passport evidence only when ready for paid pilot
