What is a local AI agent control center?

A local AI agent control center is a dashboard or operating layer that shows what an AI coding agent is doing, keeps tasks approval-gated, records safe metadata, and gives the human operator a way to review or stop work before the agent gets more autonomy.

Can this prompt work with Claude Code or Cursor?

Yes, but it should be adapted. The prompt is written around Codex defaults, so Claude Code, Cursor, or another coding LLM should adjust the CLI commands, session paths, event formats, hooks, and sandbox controls for that tool while preserving the privacy rules.

Does the control center need an OpenAI API key?

The public prompt requires no OpenAI API key for local observation. It asks the system to read local metadata only and avoid direct model calls from the dashboard itself.

What should not be included in a public agent-control dashboard?

Do not include credentials, auth files, raw prompts, assistant output, private logs, databases, production exports, sensitive business records, local usernames, or screenshots showing private UI.

Build Your Own Local AI Agent Control Center

A prompt by itself is not an operating system. It can start a useful build, but it does not give you visibility, approval gates, privacy rules, logs, or a way to stop a runaway task.

That is the useful lesson behind Codex Control Center. The public project is a local-first dashboard for observing Codex activity and launching approval-gated work. The reusable part is bigger than Codex: small teams need a pattern for letting AI agents work locally without handing them the whole machine, the whole repo, or the whole business.

So I turned the system into a public-safe build prompt. You can copy it, adapt it, and ask a coding LLM to build a similar control center for your own setup. The important bit is not the exact UI. The important bit is the safety model: local-first observation, metadata-only storage, fake fixtures, read-only defaults, and human approval before execution.

Generated editorial image of a local AI agent control center dashboard with task queues, approval gates, safety checks, and a prompt panel — Generated with GPT Image inside Codex: the control-center pattern in one public-safe visual.

Why agent control centers matter now

Coding agents are moving from "write this function" toward "operate inside my workflow." Codex can run locally from the terminal, inspect a selected directory, edit files, and run commands. Claude Code has hooks and permission events. Cursor and similar tools are getting more agentic. The agent is no longer just answering a question; it is touching the working environment.

That shift changes the product requirement. A useful agent setup needs more than a clever instruction. It needs a control layer that answers practical questions:

What is the agent allowed to read?
What is it allowed to write?
Which tasks require approval?
What did it do last time?
What should be hidden from public demos and GitHub?
How does the human stop or review work before it spreads?

OpenAI's safety writing around Codex points at sandboxes, approvals, and agent-aware telemetry. Microsoft is using the language of observability and governance for agents. Claude Code's hooks make tool events programmable. Different ecosystems, same direction: agents need a visible operating layer.

What the public prompt builds

The prompt asks the LLM to build a local AI agent control center. In the Codex version, Observe Mode reads local Codex metadata, and Control Mode launches approved tasks through the local Codex CLI.

The expected app is simple in concept:

Dashboard: health, recent activity, usage signals, and privacy posture.
Tasks: a queue where new work starts as awaiting approval.
Results: safe summaries and metadata rather than raw private output.
Skills: discovered local skill or plugin metadata without exposing private paths.
Publishing checks: reminders and scanner logic for keeping secrets, logs, databases, and private screenshots out of public repos.

The recommended stack is deliberately ordinary: Python, FastAPI, SQLite, Vite, React, TypeScript, Tailwind, React Query, and lucide icons. No cloud dependency is required for local observation.

The public demo uses fake fixtures and demo-safe screenshots, so people can inspect the product shape without seeing private local sessions, prompts, paths, or logs.

Codex Control Center dashboard with local metadata cards, usage signals, and system health — **Dashboard** Health, recent activity, usage signals, and privacy posture in one local-first view.

Codex Control Center tasks page with read-only queue task form and approval gate — **Tasks** New work starts queued, scoped, and approval-gated before the local agent runs.

Codex Control Center results page with safe task summaries and filters — **Results** Safe summaries and metadata, without raw private prompts, outputs, or command logs.

Codex Control Center skills page with safe plugin and workspace skill labels — **Skills** Local skill and plugin awareness without exposing full private workspace paths.

The real deliverable is the boundary.

The dashboard can be redesigned. The stack can be swapped. The useful part is the operating rule: observe locally, store metadata, ask before running tasks, and never turn private workspace data into public proof.

What the prompt deliberately avoids

The prompt is intentionally strict because the tempting version of this project is dangerous. A dashboard that reads everything, stores everything, and screenshots everything would be easier to build. It would also be a privacy mess.

The public-safe version says no to:

auth files;
API keys and tokens;
raw prompt text;
assistant output;
raw command output;
absolute local paths;
private logs and databases;
screenshots with private UI;
unattended dangerous execution.

That is why the prompt requires fake fixtures and a public-safety checklist. If the generated app cannot explain what it reads, what it stores, and what it never touches, it is not ready.

How to adapt it for Codex, Claude Code, Cursor, or another LLM

The prompt is written with Codex in mind because Codex Control Center is the reference project. But the pattern is portable.

Tool	What to adapt	What stays the same
Codex	Use Codex session metadata and local CLI commands.	Read-only defaults, approval gates, metadata-only views.
Claude Code	Use Claude Code session paths, hooks, permissions, and tool events.	Human review before risky actions and no private logs in public output.
Cursor	Use Cursor's workspace behavior, agent settings, and available local metadata.	Scoped workspace, fake fixtures, and explicit task approval.
Other LLMs	Map the CLI, event format, sandbox model, and file locations.	The privacy boundary and control model.

The adaptation request should be explicit. Before asking the model to build, say: "First identify the correct local session paths, CLI commands, sandbox controls, and event formats for this tool. Preserve the privacy requirements exactly."

The browser walkthrough below shows the finished control-center shape using demo-safe data. The launch video is useful context too, but I would keep this post focused on the tutorial and hands-on tour.

Copy the prompt

This is the public-safe build prompt. It is designed to be useful without exposing private project details. Start with fake fixtures, review generated code before running it, and keep real credentials out of the workspace.

Public-safe prompt

Copy the public-safe build prompt

Paste this into Codex, Claude Code, Cursor, or another coding LLM. Ask it to adapt the tool-specific paths and commands before it starts building.

Ready to copy

Build a local-first AI agent control center inspired by Codex Control Center.

If you are running in Codex, use Codex-specific paths and commands. If you are running in Claude Code, Cursor, or another coding LLM, adapt the implementation to that tool's CLI, local session format, sandbox model, and metadata paths. Keep the same local-first, metadata-only, approval-gated privacy model.

Requirements:

- No OpenAI API key is required for local observation.
- The dashboard itself must not call OpenAI.
- Observe Mode reads local Codex metadata from `~/.codex/sessions`.
- Control Mode launches approved tasks through `codex exec --json --ephemeral`.
- Never read or store `~/.codex/auth.json`.
- Store metadata only by default.
- Do not store prompt text, assistant output, raw command output, `.env`, tokens, or absolute local paths.
- Redact project paths to basename plus a stable local hash.
- Bind to `127.0.0.1`.
- Use Python, FastAPI, SQLite WAL, Vite, React, TypeScript, Tailwind, TanStack Router, React Query, and lucide icons.
- Tasks start as `awaiting_approval`.
- Default sandbox is `read-only`.
- Allow `workspace-write` only when explicitly selected.
- Block `danger-full-access` in v1.
- Emergency stop may kill only dashboard-launched child PIDs.
- Include fake fixtures and a public-safety checklist for GitHub sharing.

Public-sharing rules:

- Use fake demo data only.
- Do not include private project names, client names, account identifiers, local usernames, raw prompts, logs, databases, exports, or screenshots with private UI.
- Document which data is read, which data is stored, and which data is never touched.
- Add a scanner or checklist that flags secrets, local paths, databases, logs, and raw session files before publishing.

Deliver:

- A working local app.
- Public-safe docs.
- Fake test fixtures.
- Parser, API, and frontend tests.
- A clear README stating: "No API key required for local observation."

Before you run it

Before you paste the prompt into a coding agent, use this small checklist.

Use a new folder. Do not build inside a private production repo.
Start with fake fixtures. The first version should not need real session data.
Keep secrets outside the workspace. No auth files, API keys, tokens, databases, or private exports.
Ask for a plan first. Make the agent explain local paths, commands, and storage before writing code.
Default to read-only. Any write permission should be explicit and narrow.
Review generated code. Especially file readers, process launchers, subprocess commands, and public demo logic.
Run the scanner. Before GitHub, scan for secrets, local paths, logs, databases, and private screenshots.

This is the same pattern I use when turning private systems into public proof: publish the workflow and the boundary, not the private data that made the internal version useful.

Useful next step

Open the interactive demo, copy the prompt, then ask your coding agent to adapt it to your toolchain before it writes files.

Build Your Own Local AI Agent Control Center

Why agent control centers matter now

What the public prompt builds

What the prompt deliberately avoids

How to adapt it for Codex, Claude Code, Cursor, or another LLM

Copy the prompt

Copy the public-safe build prompt

Before you run it

Sources

Want a system
like this one?

Build Your Own Local AI Agent Control Center

Why agent control centers matter now

What the public prompt builds

What the prompt deliberately avoids

How to adapt it for Codex, Claude Code, Cursor, or another LLM

Copy the prompt

Copy the public-safe build prompt

Before you run it

Sources

Related Articles

Safe Coding Agents Need Logs, Sandboxes, and Review Queues

AI Agents Need a Control Plane, Not Just Better Prompts

From Prompt Library to Skill Library

Want a systemlike this one?

Want a system
like this one?