Install: claude install-skill ada-ggf25/AI-Tools
# Set Up Codex Permissions
Review the repo and propose narrow Codex permission/config guidance before the user hits
repeated approval prompts. Treat permissions and sandbox settings as a security boundary.
## Targets
Prefer the least invasive target:
- **Project guidance in `AGENTS.md`**: default for documenting which commands should be
run and which ones need care.
- **Project trust in `~/.codex/config.toml`**: only if the user explicitly wants this
repo trusted and understands it is personal machine config.
- **Codex hooks or plugin config**: only for deterministic automation that should always
run.
- **Global config**: only for genuinely global, user-approved behavior.
Do not silently edit `~/.codex/config.toml`; show the exact change first.
## Rule Of Thumb
Propose narrow, frequent, low-risk operations. Do not propose broad or destructive
allows.
Good examples:
- test commands from project manifests;
- lint/format commands;
- build/type-check commands;
- read-only `gh` status and PR inspection;
- scoped package manager commands that do not publish or mutate global state.
Do not propose:
- `rm`, `sudo`, force-push, destructive git reset/checkout, deploys, releases, publish
commands, secret reads, `.env` reads, or `curl ... | sh`;
- broad shell rules that would cover unrelated commands.
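
One way to screen candidate allow entries against the "Do not propose" list above before showing them to the user. This is an added example, not part of the skill: `vet`, its patterns and the sample commands are assumptions made here, and the matching is a heuristic that only approximates the list (for secret reads it recognizes `.env` paths only).

```python
import re
import shlex

SHELLS = {"sh", "bash", "zsh"}                   # a bare shell covers any command
RISKY_VERBS = {"deploy", "release", "publish"}   # from the "Do not propose" list

def vet(command):
    """Return the reasons a candidate should not be proposed ([] if none found)."""
    reasons = []
    if re.search(r"\|\s*(sudo\s+)?(ba|z)?sh\b", command):
        reasons.append("pipes into a shell")
    # Check every command in a chain, not just the first one.
    for segment in re.split(r"&&|\|\||[;|]", command):
        try:
            argv = shlex.split(segment)
        except ValueError:
            reasons.append("unparseable quoting")
            continue
        if not argv:
            continue
        prog, args = argv[0], argv[1:]
        if prog in {"rm", "sudo"}:
            reasons.append(f"{prog} is destructive or privileged")
        if prog in SHELLS or "*" in args:
            reasons.append("broad rule that covers unrelated commands")
        if prog == "git" and args:
            sub, rest = args[0], set(args[1:])
            if sub == "push" and rest & {"-f", "--force", "--force-with-lease"}:
                reasons.append("force-push")
            if sub == "reset" and "--hard" in rest:
                reasons.append("destructive git reset")
            if sub == "checkout" and rest & {"-f", "--force", "--", "."}:
                reasons.append("destructive git checkout")
        if RISKY_VERBS & set(args):
            reasons.append("deploy/release/publish command")
        if any(re.search(r"(^|/)\.env(\.|$)", a) for a in args):
            reasons.append(".env read")
    return reasons

# Constructed sample candidates, not taken from any real repo.
CANDIDATES = ["npm test", "gh pr status", "npm run lint && rm -rf dist",
              "git push --force origin main", "cat .env", "npm *"]

if __name__ == "__main__":
    for c in CANDIDATES:
        print(f"{c!r}: {vet(c) or 'ok to propose'}")
```

An empty result means only that none of these patterns matched; the candidate still has to be narrow, frequent and low-risk for the repo at hand.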
## Procedure
### 1. Orient
- Read existing `AGENTS.md`, `.codex/`, `.agents/`, README, and manifests.
- Check whether the repo is already trusted in `~/.codex/config.tom