ethanolivertroy/codex-grc-agent-demo
Codex GRC Agent Demo

Python proof-of-concept for a bounded GRC assessment agent built with the OpenAI Agents SDK and the experimental codex_tool.

The demo keeps the deterministic parts of compliance in code and data:

  • baseline membership comes from local JSON,
  • control metadata comes from local JSON,
  • shared-responsibility hints come from code,
  • POA&M entries are formatted by a deterministic helper,
  • specialist analysis happens through Agent.as_tool(),
  • local workspace inspection happens through codex_tool(...).

Status

This repository is a demo. It is not a production assessment platform and it is not a substitute for formal security or compliance review.

What it does

  • assesses a local SSP and evidence bundle against a small NIST 800-53 / FedRAMP Moderate starter dataset,
  • returns typed findings and a compliance rollup,
  • generates POA&M-ready remediation entries for weak controls,
  • uses specialist agents for policy review and evidence review,
  • keeps Codex inside workspace-write with network disabled.
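The deterministic pieces described above (baseline membership from local JSON, control metadata from local JSON, typed findings, a compliance rollup and POA&M formatting by a plain helper), as an added stand-alone example that is not code from this repository: the JSON shapes, the status vocabulary and the function names are assumptions, not the project's API.

```python
import json
from dataclasses import dataclass

# Constructed stand-ins for data/fedramp-baselines.json and data/nist-800-53-r5.json.
BASELINES_JSON = json.dumps({"FedRAMP Moderate": ["AC-2", "AU-2", "IA-2"],
                             "FedRAMP Low": ["AC-2", "IA-2"]})
CONTROLS_JSON = json.dumps({"AC-2": {"title": "Account Management"},
                            "AU-2": {"title": "Event Logging"},
                            "IA-2": {"title": "Identification and Authentication"},
                            "SC-7": {"title": "Boundary Protection"}})
STATUSES = ("satisfied", "partial", "not_satisfied")  # assumed status vocabulary


@dataclass(frozen=True)
class Finding:
    control_id: str
    status: str  # one of STATUSES
    gap: str = ""


def baseline_controls(baseline: str, baselines_json: str = BASELINES_JSON) -> set[str]:
    """Membership is a plain data lookup, never a model judgement; unknown baselines raise."""
    return set(json.loads(baselines_json)[baseline])


def rollup(findings: list[Finding], baseline: str) -> dict:
    """Count statuses over the baseline only; a control with no finding is 'unassessed'."""
    scope = baseline_controls(baseline)
    by_control = {f.control_id: f for f in findings if f.control_id in scope}
    counts = dict.fromkeys(STATUSES + ("unassessed",), 0)
    for cid in scope:
        f = by_control.get(cid)
        counts[f.status if f and f.status in STATUSES else "unassessed"] += 1
    return {"baseline": baseline, "in_scope": len(scope), "counts": counts,
            "out_of_scope": sorted({f.control_id for f in findings} - scope),
            "percent_satisfied": round(100 * counts["satisfied"] / max(len(scope), 1), 1)}


def poam_entries(findings: list[Finding], baseline: str,
                 controls_json: str = CONTROLS_JSON) -> list[dict]:
    """One POA&M entry per weak in-scope control, sorted by control id so output is stable."""
    scope, meta = baseline_controls(baseline), json.loads(controls_json)
    weak = [f for f in findings if f.control_id in scope and f.status in STATUSES[1:]]
    return [{"poam_id": f"POAM-{f.control_id}",
             "control": f"{f.control_id} {meta.get(f.control_id, {}).get('title', 'Unknown')}",
             "weakness": f.gap or f"{f.control_id} is {f.status}",
             "severity": "High" if f.status == "not_satisfied" else "Moderate"}
            for f in sorted(weak, key=lambda f: f.control_id)]
```

Findings for controls outside the selected baseline are reported but never counted, which keeps the rollup honest when an agent over-reports.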

Project layout

codex-grc-agent-demo/
├── data/
│   ├── fedramp-baselines.json
│   └── nist-800-53-r5.json
├── examples/
│   ├── sample-ssp.md
│   └── evidence/
│       ├── access-review.md
│       ├── logging-procedure.md
│       └── mfa-standard.md
├── src/grc_agent/
│   ├── agent.py
│   ├── cli.py
│   ├── datasets.py
│   └── models.py
└── tests/

Install

python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
npm i -g @openai/codex

Codex CLI can authenticate with either CODEX_API_KEY or OPENAI_API_KEY.

export OPENAI_API_KEY=sk-...

Run

grc-agent assess \
  --framework "NIST 800-53" \
  --baseline "FedRAMP Moderate" \
  examples/sample-ssp.md

Optional file output:

grc-agent assess \
  --framework "NIST 800-53" \
  --baseline "FedRAMP Moderate" \
  --output out/assessment.json \
  examples/sample-ssp.md

Notes

  • The included framework data is intentionally tiny so the repo stays readable.
  • Swap the JSON files in data/ for fuller baseline data before treating outputs as meaningful.
  • The agent code follows the current OpenAI docs pattern for Runner.run(...).final_output, Agent.as_tool(), and the experimental codex_tool.

Test

python -m pytest

About

GRC assessment demo built with the OpenAI Agents SDK and Codex CLI