codex-pet-limit-rings is local-first, but it does read local Codex authentication state so it can request live usage data.
Do not share ~/.codex/auth.json, Codex logs, screenshots containing private prompts, or generated files from tmp/ when filing issues.
If you report a security issue, include the smallest source-level description needed to reproduce it. Do not include bearer tokens or local Codex data.