init: git all the things!

AUTONOMOUS-CODEX.md

@@ -0,0 +1,52 @@
+# Autonomous Codex
+
+Use the project launcher to run Codex with the `azi4a2-autonomous` permission
+profile:
+
+```sh
+./codex-auto
+```
+
+For a non-interactive task:
+
+```sh
+./codex-auto exec "Continue the Astro migration, verify the build and audits, and document unresolved issues."
+```
+
+The launcher automatically permits non-interactive runs in this mounted
+workspace even when Codex cannot discover its Git metadata.
+
+The profile:
+
+- never pauses for approval
+- limits filesystem access to minimal runtime files plus this project
+- allows writes in this project
+- keeps `.codex` and `www.azinstitute4autism.com` read-only
+- permits normal Git operations, including staging and committing
+- enables live web search and outbound network retrievals
+
+Outbound network access is domain-unrestricted because package installation and
+retrieval sources vary. The sandbox cannot distinguish a retrieval from another
+outbound request, so do not place secrets in project files or task prompts.
+
+The profile is stored outside the workspace at:
+
+```txt
+~/.codex/azi4a2-autonomous.config.toml
+```
+
+Do not add `--sandbox`; legacy sandbox flags override the custom permission
+profile. Do not use `--dangerously-bypass-approvals-and-sandbox`.
+
+## Verification
+
+The nested setup smoke test confirmed that the project is readable and
+`~/.codex/auth.json` is not readable. In the current host session, sandboxed
+shell retrievals resolved domains but were reset by the beta network proxy.
+After launching `./codex-auto` directly, verify shell retrievals with:
+
+```sh
+curl -fsS https://registry.npmjs.org/astro >/dev/null
+```
+
+Live web search is separate from shell network access and remains enabled.