Rules File Design - Declarative Command Permission Control
About 5 minutes
Codex Rules classify commands requested outside the sandbox by command prefix. They turn guidance such as “production builds need approval” into an executable decision boundary.
Rules compared with AGENTS.md
Section titled “Rules compared with AGENTS.md”| Area | AGENTS.md | .rules |
|---|---|---|
| Purpose | Explain working policy | Enforce command decisions |
| Format | Markdown | prefix_rule(...) |
| Example | State that builds need approval | Mark npm run build as prompt |
Rules are experimental, so confirm the current syntax before deployment.
Create a rule
Section titled “Create a rule”Store user rules in ~/.codex/rules/default.rules or project rules in .codex/rules/*.rules for trusted projects.
prefix_rule(
pattern = ["npm", "run", "build"],
decision = "prompt",
justification = "Production builds require explicit approval",
match = ["npm run build"],
not_match = ["npm run dev"],
)pattern matches an argument prefix. match and not_match document examples that should or should not match.
- allow: low-impact, repeatable inspection commands
- prompt: external writes, publishing, dependencies, or broad network access
- forbidden: destructive actions or approval bypasses
Design Command Decisions
Section titled “Design Command Decisions”Avoid broad rules such as allowing every git command. Prefer narrow prefixes such as git status and git diff.
Policy in This Repository
Section titled “Policy in This Repository”This repository treats npm run dev and npm run harness:check as routine checks, while npm run build requires explicit approval. AGENTS.md explains that policy; Rules and approval settings reinforce it.
Rules cannot validate content quality or project structure. Hooks and CI handle those checks. Next, Commands and Workflows organizes reusable execution entry points.