chore: AGENTS.md compliance and metyatech standard alignment #1
Summary of changes:
- Set up agent-ruleset.json and migrated manual rules to agent-rules-local/codex-rs.md.
- Added SECURITY.md.
- Updated README.md, package.json, and Cargo.toml branding and metadata to metyatech/codex.
- Added root verify script for monorepo-wide checks.
- Added CodeQL security scanning workflow.
Agent runner idle completed. Repo: metyatech/codex Summary: |
Pull request overview
This PR aims to align the repository with AGENTS.md/metyatech standards by adding agent rule composition config/docs, updating branding/metadata to the metyatech/codex repo, introducing a repo-wide verification script, and enabling CodeQL security scanning.
Changes:
- Added agent ruleset composition (`agent-ruleset.json`, `agent-rules-local/`, regenerated `AGENTS.md`).
- Updated repository branding/metadata across docs and package manifests (GitHub URLs, npm package name, Cargo metadata, README/CHANGELOG/install docs).
- Added security posture improvements (standard `SECURITY.md`, new CodeQL workflow) and a root `verify` script.
Reviewed changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| shell-tool-mcp/package.json | Updates repository URL metadata to metyatech/codex. |
| sdk/typescript/package.json | Updates repository URL metadata to metyatech/codex. |
| package.json | Adds repository metadata and a new verify script. |
| docs/install.md | Updates clone URL to metyatech/codex. |
| codex-rs/responses-api-proxy/npm/package.json | Updates repository URL metadata to metyatech/codex. |
| codex-rs/README.md | Updates GitHub Releases link (but still has conflicting npm install instructions). |
| codex-rs/Cargo.toml | Adds workspace-level repository and homepage metadata. |
| codex-cli/package.json | Renames published package to @metyatech/codex and updates repository URL. |
| agent-ruleset.json | Adds ruleset source reference and includes local codex-rs rules. |
| agent-rules-local/codex-rs.md | Introduces codex-rs local engineering/testing/API conventions for agent use. |
| SECURITY.md | Adds a standard security policy and contact. |
| README.md | Updates installation instructions/branding and adds links to CHANGELOG/SECURITY. |
| CHANGELOG.md | Updates releases page link to metyatech/codex. |
| AGENTS.md | Adds composed global rules + local codex-rs rules (large regenerated file). |
| .github/workflows/codeql.yml | Adds CodeQL scanning workflow for JavaScript and Rust. |
| @@ -1,5 +1,5 @@ | |||
| { | |||
| "name": "@openai/codex", | |||
| "name": "@metyatech/codex", | |||
Renaming the published package to @metyatech/codex likely requires updating the rest of the repo that still hard-codes @openai/codex (docs, release tooling, and runtime package resolution in codex-cli/bin/codex.js, etc.). As-is, this looks like a partial rename that could break installs/publishing unless those references and any platform package names are updated (or the package name change is reverted).
| "name": "@metyatech/codex", | |
| "name": "@openai/codex", |
| - Total ≤350 lines; per-module ≤30 (soft). Overage → extract procedural content to skills. | ||
| - **Rules** = invariants (always loaded, concise). **Skills** = procedures (on-demand, detailed). |
The size budget states AGENTS.md should be ≤350 lines, but the generated file is currently 491 lines long. This makes the ruleset self-inconsistent; consider adjusting the composed modules or moving procedural content into skills so the generated AGENTS.md stays within the stated limit.
| - `Remove-Item` (aliases: `rm`, `ri`, `del`, `erase`) ↁEUse: `if ([IO.File]::Exists($p)) { [IO.File]::SetAttributes($p,[IO.FileAttributes]::Normal); [IO.File]::Delete($p) }` | ||
| - `Remove-Item -Recurse` (aliases: `rmdir`, `rd`) ↁEUse: `if ([IO.Directory]::Exists($d)) { [IO.File]::SetAttributes($d,[IO.FileAttributes]::Normal); foreach ($e in [IO.Directory]::EnumerateFileSystemEntries($d,'*',[IO.SearchOption]::AllDirectories)) { [IO.File]::SetAttributes($e,[IO.FileAttributes]::Normal) }; [IO.Directory]::Delete($d,$true) }` |
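Review bot: the `Remove-Item -Recurse` replacement calls `SetAttributes` on every entry returned by `EnumerateFileSystemEntries($d,'*',[IO.SearchOption]::AllDirectories)` with no test for `[IO.FileAttributes]::ReparsePoint`, so nothing in the one-liner keeps it from resetting attributes on entries reached through a junction or symlink under `$d`. Skip entries whose attributes include `ReparsePoint`, and check that `$d` resolves inside the intended working tree before the `[IO.Directory]::Delete($d,$true)` call. Both replacements also clear read-only before deleting, which makes every delete a forced delete; if that is intended, the rule text should say so.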
The text "ↁEUse" looks like an encoding/typo corruption in these PowerShell safety bullets. Since AGENTS.md is generated, please fix this in the source rules (agent-rules module) so it regenerates cleanly (e.g., "Use:").
| "format": "prettier --check *.json *.md docs/*.md .github/workflows/*.yml **/*.js", | ||
| "format:fix": "prettier --write *.json *.md docs/*.md .github/workflows/*.yml **/*.js" | ||
| "format:fix": "prettier --write *.json *.md docs/*.md .github/workflows/*.yml **/*.js", | ||
| "verify": "npm run format && just clippy && just test" |
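Review bot: `verify` now gates on `npm run format`, and the globs in the `format` and `format:fix` lines above it (`*.json`, `docs/*.md`, `**/*.js`) are unquoted, so on Unix the shell expands them before prettier sees them. Under a POSIX `sh` without globstar, `**/*.js` matches only one directory level, while on Windows no shell expansion happens at all, so the set of files checked differs by platform. Quote each pattern in both scripts so prettier does the expansion itself and `verify` checks the same files everywhere.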
The new verify script uses npm run format even though the repo is pinned to pnpm (see packageManager/CI). Also, it only runs formatting + Rust clippy/tests, so it isn’t actually “monorepo-wide” (it skips SDK/shell-tool-mcp checks that CI runs via pnpm). Consider switching to pnpm run format and either adding pnpm workspace checks (e.g., filtered build/lint/test) or renaming the script/PR description to match what it verifies.
| Today, the easiest way to install Codex is via `npm`: | ||
| ```shell | ||
| npm i -g @openai/codex |
@openai/codex is still referenced in the Rust CLI install instructions, but the repo README and codex-cli/package.json now point to @metyatech/codex. To avoid conflicting installation guidance, update this install snippet (and any other references in this README) to the intended npm package name.
| npm i -g @openai/codex | |
| npm i -g @metyatech/codex |
This PR brings the repository into compliance with AGENTS.md and metyatech standards.
Changes: