codex-agents-local is a local Codex hook helper. It runs with the same user permissions as Codex, so the safe operating model is intentionally narrow.

• Reads AGENTS.md and AGENTS.local.md files under the current workspace root.
• Writes generated AGENTS.override.md files only in directories that contain AGENTS.local.md.
• Writes hook state under ~/.codex/tmp/codex-agents-local/state.json.
• Updates ~/.codex/hooks.json during installation.
• Installs codex-agents-local into ~/.local/bin by default.

• It does not execute repository files.
• It does not use eval, source, sh -c, bash -c, sudo, or shell=True.
• It does not replace, wrap, alias, or move the official codex command.
• It does not overwrite an unmanaged AGENTS.override.md.
• It does not read or write secrets intentionally.
• It does not send workspace contents to a network service.

An existing AGENTS.override.md is updated only when it contains the managed marker:

<!-- Generated by codex-agents-local. Do not edit by hand. -->

If the file exists without this marker, it is treated as manually owned. The tool leaves it untouched and emits a warning that local append-only guidance should move into AGENTS.local.md.

Run the local audit gate before publishing changes:

make audit

The audit requires shellcheck, rg, git, and python3. It checks:

• shell syntax for install and hook scripts
• ShellCheck findings
• Python bytecode compilation
• absence of CJK project text
• dangerous shell patterns
• dangerous Python patterns
• temporary installation behavior
• SessionStart and UserPromptSubmit hook behavior