Agent repeatedly runs forbidden git commands despite explicit instructions ( doesn't follow agents.md) #6022
Description
What version of Codex is running?
0.53.0
What subscription do you have?
Pro
Which model were you using?
gpt-5-codex ( mostly medium)
What platform is your computer?
macOS Sonoma 14.5 (Apple Silicon) – Codex CLI running inside LocalWP environment
What issue are you seeing?
The automated agent repeatedly executed git checkout -- <file> on files owned by another teammate even after being instructed multiple times (and in writing) never to touch those files. Each attempt risked wiping active work; some earlier attempts already removed other agents' changes. The CLI log shows the agent trying to revert other agents, other codex cli taps, even though that file was out of scope. The behavior violates project safeguards and causes data loss/stress for the human operators.
Even if I mentioned "Never do that". but it's 4th time today.
What steps can reproduce the bug?
Uploaded thread: 019a26ad-8069-7dc2-bd61-2d28a51204a4
- Start a Codex CLI session .
- Provide clear repository rules (agents.md) : do not run
git checkout, do not revert other agents' work. ( no git checkout, reset, clean,rem, find..-delete) - Give the agent a task limited to map-list layout files.
- Observe the agent still running:
git statusgit diff inc/Modules/Payment/Admin/Views/membership-admin.phpgit checkout -- inc/Modules/Payment/Admin/Views/membership-admin.php
- Even after warnings, the agent repeats the same destructive commands multiple times.
It's 4th time today. It keeps reseting other agent's task or git status list.. ( I use 1~3 codex cli today and claude code too. )
What is the expected behavior?
The codex cli agent should obey repository rules, restrict actions to assigned files, and avoid any git commands that would revert or delete work by others unless explicitly authorized.
Additional information
No response