Codex Guardrails
Enforces Codex-specific CI safety standards. Validates that Codex CLI invocations do not use dangerous flags and use structured JSON output.
Add codex to your lunar-config.yml:
uses: github://earthly/lunar-lib/policies/codex@v1.0.5
Included Guardrails
This policy includes 2 guardrails that enforce standards for your devex build and ci.
cli-safe-flags
Ensures Codex CLI invocations in CI do not use dangerous permission-bypassing flags. Flags like --full-auto remove safety guardrails that prevent the AI from executing arbitrary code without human approval.
cli-structured-output
Ensures Codex CLI invocations in CI use structured JSON output instead of plain text. JSON output makes AI automation deterministic and parseable.
How Guardrails Fit into Lunar
Lunar guardrails define your engineering standards as code. They evaluate data collected by integrations and produce pass/fail checks with actionable feedback.
Policies support gradual enforcement—from silent scoring to blocking PRs or deployments—letting you roll out standards at your own pace without disrupting existing workflows.
Example Evaluated Data
This policy evaluates structured metadata from the Component JSON. Here's an example of the data it checks:
{
  "ai": {
    "native": {
      "codex": {
        "cicd": {
          "cmds": [
            {
              "cmd": "codex exec --json 'review this PR'",
              "tool": "codex",
              "version": "0.1.0"
            }
          ]
        }
      }
    }
  }
}
Required Integrations
This policy evaluates data gathered by one or more of the following integration(s).
Make sure to enable them in your lunar-config.yml.
Configuration
Configure this policy in your lunar-config.yml.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| dangerous_flags | Optional | --dangerously-bypass-approvals-and-sandbox,--yolo,--full-auto | Comma-separated dangerous flags for Codex CLI |
Documentation
Codex Guardrails
Codex-specific CI safety and conventions guardrails.
Overview
This policy enforces Codex-specific CI standards. It validates that Codex CLI invocations in CI pipelines do not use dangerous permission-bypassing flags and use structured JSON output for deterministic automation.
Policies
| Policy | Severity | Description |
|---|---|---|
| cli-safe-flags | error | Codex CLI must not use --full-auto or similar flags |
| cli-structured-output | warning | Codex CLI in CI should use structured JSON output |
Required Data
| Path | Provided By | Description |
|---|---|---|
| .ai.native.codex.cicd.cmds[] | codex collector | Codex CLI invocations captured in CI |
Installation
collectors:
  - uses: github://earthly/lunar-lib/collectors/codex@main
    on: ["domain:your-domain"]
policies:
  - uses: github://earthly/lunar-lib/policies/codex@main
    enforcement: report-pr
Examples
Passing
Codex CLI using safe flags and structured output:
{
  "ai": {
    "native": {
      "codex": {
        "cicd": {
          "cmds": [
            {
              "cmd": "codex exec --json 'review this PR'",
              "tool": "codex"
            }
          ]
        }
      }
    }
  }
}
Failing
Codex CLI using dangerous flag:
{
  "ai": {
    "native": {
      "codex": {
        "cicd": {
          "cmds": [
            {
              "cmd": "codex --full-auto 'deploy to prod'",
              "tool": "codex"
            }
          ]
        }
      }
    }
  }
}
Remediation
- cli-safe-flags: Remove --full-auto from Codex CI invocations. Use scoped permissions instead.
- cli-structured-output: Add --json or equivalent structured output flag to Codex CLI invocations in CI.
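Both checks can be reproduced offline against a Component JSON document. The Python below is an added illustration, not Lunar's policy code; the function names, the shell-style tokenization, failing commands that cannot be tokenized, and treating only --json as structured output are assumptions.

```python
import shlex

# Default value of the policy's `dangerous_flags` input (comma-separated).
DEFAULT_DANGEROUS = "--dangerously-bypass-approvals-and-sandbox,--yolo,--full-auto"

def evaluate(component, dangerous_flags=DEFAULT_DANGEROUS):
    """Return (check, status, cmd) tuples for every captured Codex command."""
    banned = [f.strip() for f in dangerous_flags.split(",") if f.strip()]
    node = component
    for key in ("ai", "native", "codex", "cicd"):
        node = node.get(key, {})
    results = []
    for entry in node.get("cmds", []):
        cmd = entry.get("cmd", "")
        try:
            # Tokenize like a shell: flag text inside a quoted prompt stays one token.
            tokens = shlex.split(cmd)
        except ValueError:
            # Unbalanced quotes: fail both checks rather than guess (assumption).
            results += [("cli-safe-flags", "fail", cmd),
                        ("cli-structured-output", "fail", cmd)]
            continue
        # Match the bare flag and a --flag=value spelling.
        unsafe = any(t == f or t.startswith(f + "=") for t in tokens for f in banned)
        results.append(("cli-safe-flags", "fail" if unsafe else "pass", cmd))
        # Only --json is recognised here; other structured-output flags are not.
        structured = "--json" in tokens
        results.append(("cli-structured-output", "pass" if structured else "fail", cmd))
    return results

def failures(component, dangerous_flags=DEFAULT_DANGEROUS):
    """Names of failed checks paired with the offending command."""
    return [(c, cmd) for c, s, cmd in evaluate(component, dangerous_flags) if s == "fail"]

# Constructed sample in the shape of .ai.native.codex.cicd.cmds[].
SAMPLE = {"ai": {"native": {"codex": {"cicd": {"cmds": [
    {"cmd": "codex exec --json 'review this PR'", "tool": "codex"},
    {"cmd": "codex --full-auto 'deploy to prod'", "tool": "codex"},
    {"cmd": "codex exec --json 'explain what --full-auto does'", "tool": "codex"},
]}}}}}

if __name__ == "__main__":
    for check, cmd in failures(SAMPLE):
        print(f"FAIL {check}: {cmd}")
```

The third sample command passes because the flag name appears only inside the quoted prompt, which a plain substring match would have reported as a violation.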
Open Source
This policy is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.