Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `traice-codex-collector install` or `collect`; persistence additionally requires `--launch-agent` or `--start-service`.
Impact
Configured destinations receive Codex usage, identity, project-path, model, and policy metadata; optional LaunchAgent keeps collection running.
Mechanism
Explicit Codex telemetry configuration, local session harvesting, and authenticated usage forwarding.
Rationale
No concrete malicious lifecycle, remote-code execution, credential theft, or hidden persistence chain was found. Warn because explicit installation mutates Codex configuration and enables ongoing collection and forwarding of Codex-derived metadata.
Evidence
package.jsoncli.mjsinstall.mjscollector.mjsREADME.md~/.codex/config.toml~/.codex/sessions/**/*.jsonl~/.codex/state_5.sqlite~/.traice/internal-spend-codex/install.json~/.traice/internal-spend-codex/requests.ndjson~/.traice/internal-spend-codex/events.ndjson~/Library/LaunchAgents/com.traice.internal-spend-codex-collector.plist