Codex Autonomy Setup
Codex works best when the repository explains what it may do, the local workspace is trusted, and routine verification commands can run without interrupting the session.
Use this guide to prepare a Tasq checkout for long-running local Codex work. If a session still becomes blocked despite this setup, use Recover a Blocked Session to resume the exact Codex thread from Tasq activity.
For Codex product details, see the official Codex documentation for custom instructions, and permissions.
1. Keep Repository Instructions Current
Codex reads repository instructions from AGENTS.md when a session starts.
Keep this file operational and concise:
- Preferred language and tone.
- Branch, commit, push, and PR rules.
- Required verification commands.
- Examples of wrapper scripts that make approved commands safer, when your workflow uses them.
- Documentation synchronization rules.
When a workflow becomes too long for AGENTS.md, move the details into
versioned docs and link to them from AGENTS.md.
2. Maintain Codex Configuration
Codex autonomy depends on local configuration as much as repository
instructions. Keep ~/.codex/config.toml current when you add a Tasq checkout,
create a long-lived worktree, or introduce a toolchain that writes outside the
repository.
First, trust each checkout or worktree that Codex should operate in:
# ~/.codex/config.toml
[projects."/Users/YOU/src/tasq"]
trust_level = "trusted"
Then make workspace-write permissions explicit. For older Codex configuration,
use sandbox_workspace_write.writable_roots to allow the project, the Tasq
project .git directory, and tool cache directories that routine commands
need:
# ~/.codex/config.toml
sandbox_mode = "workspace-write"
approval_policy = "on-request"
[sandbox_workspace_write]
writable_roots = [
"/Users/YOU/src/tasq",
"/Users/YOU/src/tasq/.git",
"/Users/YOU/Library/Caches",
"/Users/YOU/.cache",
"/Users/YOU/.npm",
"/Users/YOU/.pnpm-store",
"/Users/YOU/Library/pnpm/store",
"/Users/YOU/go/pkg/mod",
"/Users/YOU/.cargo",
"/Users/YOU/.gradle",
"/Users/YOU/.m2",
]
For current Codex permissions, prefer a named profile so the same filesystem rules can be reused across sessions:
# ~/.codex/config.toml
default_permissions = "tasq_workspace"
[permissions.tasq_workspace]
description = "Tasq workspace with language and CLI cache writes enabled."
extends = ":workspace"
[permissions.tasq_workspace.filesystem.":workspace_roots"]
"." = "write"
[permissions.tasq_workspace.workspace_roots]
"/Users/YOU/src/tasq" = true
"/Users/YOU/src/tasq/.git" = true
"/Users/YOU/Library/Caches" = true
"/Users/YOU/.cache" = true
"/Users/YOU/.npm" = true
"/Users/YOU/.pnpm-store" = true
"/Users/YOU/Library/pnpm/store" = true
"/Users/YOU/go/pkg/mod" = true
"/Users/YOU/.cargo" = true
"/Users/YOU/.gradle" = true
"/Users/YOU/.m2" = true
Adjust the cache list to the languages, CLIs, and SDKs used by your local workflow. Common examples include npm, pnpm, Go, Cargo, Gradle, Maven, Python package caches, and SDK-specific cache directories. Keep the paths narrow: grant the exact cache directory instead of the whole home directory.
Tasq uses Git worktrees for agent work. When you add a project to Tasq, also
allow writes to that project's root .git path. A worktree checkout can store
its Git metadata as a file that points back to the root repository, and Codex
may need write access to the root .git directory for branch, commit, stash,
and worktree operations.
3. Allow Routine Local Commands
Codex can be more autonomous when low-risk read and verification commands do not require repeated prompts. Keep the allowlist narrow and leave destructive operations, history rewriting, credential changes, and direct remote writes behind prompts or explicit wrapper scripts.
Use Codex rules for repeatable command decisions. See the official
Codex rules documentation for the
current .rules file format, rule fields, and codex execpolicy check.
Useful low-risk command groups for Tasq work include:
git status,git diff,git log, andgit show.rg,sed -n,cat,find, andls.go test ./...,npm run typecheck, and focused frontend test commands.make dev-docs-buildorcd docs/site && npm run buildfor documentation changes.- Read-only
gh pr view,gh pr diff, andgh pr checks.
Wrapper scripts are optional examples, not required Tasq commands. If your workflow provides scripts that validate arguments and limit side effects, you can route approved remote writes through those scripts instead of allowing the raw command directly:
~/.codex/bin/safe-git-push
~/.codex/bin/safe-gh-edit pr <number> --body-file <file>
For user-local defaults, place rules in ~/.codex/rules/default.rules. For
project-local Tasq defaults, place them in .codex/rules/default.rules and keep
the project trusted so Codex loads the project .codex/ layer.
# ~/.codex/rules/default.rules or .codex/rules/default.rules
prefix_rule(
pattern = ["git", ["status", "diff", "log", "show"]],
decision = "allow",
justification = "Read-only Git inspection is safe for routine Tasq work.",
match = [
"git status --short",
"git diff -- docs/site",
"git log --oneline -5",
"git show --stat",
],
)
prefix_rule(
pattern = [["rg", "find", "ls", "cat"]],
decision = "allow",
justification = "Repository inspection commands are safe when scoped by the sandbox.",
match = [
"rg TODO docs",
"find docs/site -maxdepth 2 -type f",
"ls docs/site",
"cat AGENTS.md",
],
)
prefix_rule(
pattern = ["npm", "run", ["build", "typecheck", "test"]],
decision = "allow",
justification = "Tasq frontend and docs verification commands are expected.",
match = [
"npm run build",
"npm run typecheck",
"npm run test",
],
)
prefix_rule(
pattern = ["go", "test"],
decision = "allow",
justification = "Go tests are routine local verification.",
match = [
"go test ./...",
"go test ./internal/...",
],
)
prefix_rule(
pattern = ["/Users/YOU/.codex/bin/safe-git-push"],
decision = "prompt",
justification = "Remote writes should stay explicit even when routed through a wrapper script.",
)
After editing rules, restart Codex so the updated files are loaded. To validate a rule before relying on it, run:
codex execpolicy check --pretty \
--rules ~/.codex/rules/default.rules \
-- git status --short
4. Define the Goal and Workflow Path
For larger tasks, give Codex both a clear task goal and a documented path for
the work. The prompt should define the outcome for the current run, while
WORKFLOW.md should describe the repeatable steps an agent follows in the
repository.
Use the task goal to state:
- The target branch or PR.
- Files or product area in scope.
- What should not change.
- Required tests or docs build commands.
- Whether Codex should commit, push, or create a PR.
Use WORKFLOW.md to make the agent route explicit:
- How to inspect the current state before editing.
- Which implementation steps to take, in order.
- Which commands verify the work.
- Which actions require human approval.
- What to do when the expected route is blocked.
Keep WORKFLOW.md close to the work it governs. A repository-wide workflow can
live at the root, while a product area or package can have a narrower workflow
document beside its code. Link the relevant workflow from AGENTS.md when the
agent should always consider it.
If the task is long-running, ask Codex to keep a goal and update it as work progresses. The combination of a clear task goal and an explicit workflow path reduces dead ends and makes recovery easier when the terminal disconnects or the session needs to be resumed later. For recovery steps, see Recover a Blocked Session.
5. Keep Autonomy Bounded
Autonomy should reduce waiting, not bypass review. Keep these actions explicit:
- Deleting files or branches.
- Rewriting Git history.
- Editing credentials, global configuration, or managed policy.
- Pushing to a remote without a prompt, review step, or wrapper that limits the command.
- Editing GitHub issues or PRs without a prompt, review step, or wrapper that limits the command.
- Running commands outside the trusted workspace.
When Codex asks for approval, review the command, working directory, and likely side effects before allowing it.