Codex agent commits unrelated files using git add -A despite explicit “commit only working changes” policy #8548
Description
What version of Codex is running?
codex-cli 0.77.0
What subscription do you have?
ChatGPT Plus
Which model were you using?
gpt-5.1-codex-mini (reasoning medium, summaries auto)
What platform is your computer?
Linux 6.12.48+deb13-amd64 x86_64 unknown
What issue are you seeing?
The Codex agent commits unrelated and unreviewed files by running git add -A, even when the repository explicitly defines a strict commit policy (“commit only working changes”) and the agent previously acknowledged that unrelated changes were present.
A generic user confirmation (“Let’s commit the changes”) is incorrectly interpreted as permission to stage and commit the entire working tree, resulting in unsafe and policy-violating commits.
What steps can reproduce the bug?
1. Prepare a Git repository with:
   - multiple unrelated modified and/or untracked files;
   - an `AGENTS.md` file that explicitly states “commit only working changes”.
2. Ask the agent to perform a refactoring task affecting only a subset of files.
3. The agent detects unrelated changes and states it cannot safely commit without guidance.
4. User replies with a generic confirmation, e.g. “Let’s commit the changes”.
5. The agent executes:
   - `git add -A`
   - `git commit …`
6. The resulting commit includes unrelated files from the working tree.
What is the expected behavior?
When unrelated or untracked files are present, the agent should:
- never use `git add -A` by default;
- treat generic confirmations as insufficient authorization;
- request an explicit file list or use constrained staging (explicit paths, whitelist, or `git add -p`);
- consistently enforce repository-defined commit policies, regardless of user confirmation phrasing.
Additional information
- The agent correctly stated the policy and risks during planning but failed to enforce them at execution time.
- This appears to be a guardrail or execution-layer issue rather than a misunderstanding of repository rules.
- From the user’s perspective, this behavior is unsafe and breaks trust in agent-driven Git operations, especially in professional workflows.
Commit AGENTS.md rules part:
Commit policy (mandatory)
- Commit only working changes. Do NOT commit WIP, broken builds, partially-applied patches, or “temporary” hacks.
- Each commit must leave the tree in a buildable state. If tests are expected for the change, they must pass before committing.
- Any debug/diagnostic logging added to library code must remain fully disable-able via conditional compilation and must not change release behavior unless explicitly intended and documented.
- Before committing, validate via the canonical scripts (or equivalent): `./project-tool.sh build`, `./project-tool.sh test`, and `./project-tool.sh coverage` when applicable.
Commit messages (mandatory)
- Commit messages MUST be written in English.
- Messages must be sufficiently detailed to explain:
- What changed (key behavior and files/modules impacted),
- Why it changed (motivation / bug / requirement),
- How it was validated (tests/manual/hardware), including notable parameters or device info where relevant.
- Use a conventional format:
  - Subject line: short, imperative, scoped (e.g., `Fix ...`, `Add ...`, `Update ...`), ideally ≤ 72 chars.
  - Blank line.
  - Body: structured details (bullets preferred).
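
Added example, not part of the original issue and not Codex's own code: one way to implement the constrained staging the report asks for, by turning `git status --porcelain=v1 -z` output into an explicit `git add -- <paths>` argument list and refusing when unrelated changes exist and no file list was given. The function names, the task-pattern input and the sample status text are assumptions constructed for illustration.

```python
import fnmatch

# Constructed sample of `git status --porcelain=v1 -z` output (NUL-separated records).
SAMPLE_STATUS = (
    " M src/parser/lexer.c\0 M src/parser/lexer.h\0"
    "R  docs/new.md\0docs/old.md\0"
    "?? notes/scratch.txt\0 M tools/deploy.sh\0"
)

def parse_status(raw):
    """Return (XY status, path) pairs from porcelain v1 -z output."""
    fields, entries, i = raw.split("\0"), [], 0
    while i < len(fields):
        rec = fields[i]
        i += 1
        if len(rec) < 4:          # empty field after the final NUL
            continue
        status, path = rec[:2], rec[3:]
        if "R" in status or "C" in status:
            i += 1                # rename/copy: the next field is the old path
        entries.append((status, path))
    return entries

def split_by_scope(raw, task_patterns):
    """Partition dirty paths into those the task touched and everything else."""
    in_scope, unrelated = [], []
    for _status, path in parse_status(raw):
        # fnmatch's "*" also matches "/", so "src/parser/*" covers subdirectories.
        hit = any(fnmatch.fnmatchcase(path, p) for p in task_patterns)
        (in_scope if hit else unrelated).append(path)
    return in_scope, unrelated

def staging_argv(raw, task_patterns, confirmed_paths=None):
    """Build an explicit `git add -- <paths>` argv; never falls back to -A."""
    in_scope, unrelated = split_by_scope(raw, task_patterns)
    if unrelated and confirmed_paths is None:
        # A generic "commit the changes" carries no file list: refuse and ask.
        raise PermissionError("unrelated changes present: " + ", ".join(unrelated))
    paths = in_scope if confirmed_paths is None else list(confirmed_paths)
    dirty = set(in_scope) | set(unrelated)
    unknown = [p for p in paths if p not in dirty]
    if not paths or unknown:
        raise ValueError("nothing to stage or path not modified: " + ", ".join(unknown))
    return ["git", "add", "--"] + sorted(paths)
```

The `--` separator keeps a path that begins with `-` from being parsed as an option, and the returned list is meant to be passed as an argv (no shell), so file names are never re-interpreted.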