diff --git a/.codex/config.toml b/.codex/config.toml
new file mode 100644
index 000000000..52b92e442
--- /dev/null
+++ b/.codex/config.toml
@@ -0,0 +1,3 @@
+# Project-local Codex configuration.
+#
+# Command safety policy lives in .codex/rules/git-state.rules.
diff --git a/.codex/rules/git-state.rules b/.codex/rules/git-state.rules
new file mode 100644
index 000000000..918087f85
--- /dev/null
+++ b/.codex/rules/git-state.rules
@@ -0,0 +1,90 @@
+# Forbid Codex from changing Git repository state in this project.
+#
+# Read-only Git inspection, such as `git status`, `git diff`, `git log`, and
+# `git show`, is intentionally not matched by this policy.
+
+prefix_rule(
+ pattern = ["git", [
+ "add",
+ "am",
+ "apply",
+ "bisect",
+ "branch",
+ "checkout",
+ "cherry-pick",
+ "clean",
+ "commit",
+ "fetch",
+ "merge",
+ "mv",
+ "notes",
+ "pull",
+ "push",
+ "rebase",
+ "reflog",
+ "replace",
+ "reset",
+ "restore",
+ "revert",
+ "rm",
+ "stash",
+ "submodule",
+ "switch",
+ "tag",
+ "update-index",
+ "update-ref",
+ "worktree",
+ ]],
+ decision = "forbidden",
+ justification = "Git commands that change the index, refs, branches, remotes, commits, or working tree are reserved for the user.",
+ match = [
+ "git add .",
+ "git commit -m test",
+ "git pull --rebase",
+ "git reset --hard HEAD",
+ "git restore --staged AGENTS.md",
+ ],
+ not_match = [
+ "git diff -- AGENTS.md",
+ "git log --oneline -5",
+ "git show HEAD",
+ "git status --short",
+ ],
+)
+
+prefix_rule(
+ pattern = ["git", [
+ "-C",
+ "-c",
+ "--bare",
+ "--config-env",
+ "--exec-path",
+ "--git-dir",
+ "--git-dir=.git",
+ "--git-dir=/home/w0rp/ale/.git",
+ "--namespace",
+ "--no-optional-locks",
+ "--no-pager",
+ "--paginate",
+ "-P",
+ "--super-prefix",
+ "--work-tree",
+ "--work-tree=.",
+ "--work-tree=/home/w0rp/ale",
+ ]],
+ decision = "forbidden",
+ justification = "Git global options can obscure or bypass repository state changes; run read-only Git commands from the repository root instead.",
+ match = [
+ "git -C /home/w0rp/ale status --short",
+ "git --git-dir .git status",
+ "git --git-dir=.git status",
+ "git --no-pager add .",
+ "git --work-tree . status",
+ ],
+ not_match = [
+ "git diff -- AGENTS.md",
+ "git log --oneline -5",
+ "git show HEAD",
+ "git status --short",
+ ],
+)
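Review bot: The first `prefix_rule` is a deny-list, so any state-changing subcommand it does not name still passes unmatched — `git config` (which rewrites `.git/config`, including settings such as `core.hooksPath` that change what later commands run), `git remote`, `git init`, `git clone`, `git gc`/`git prune`, `git filter-branch`, `git symbolic-ref` and the plumbing writers (`git read-tree`, `git write-tree`, `git commit-tree`, `git hash-object -w`) are all absent; adding at least `"clone", "config", "filter-branch", "gc", "init", "prune", "remote", "symbolic-ref",` to the inner list closes the obvious gaps, and if the rule engine supports a catch-all, enumerating the read-only commands and forbidding everything else would be the sturdier shape. The second rule has the same weakness in value form: `--git-dir` and `--work-tree` are forbidden only bare or with the literal values `.git`, `.` and the `/home/w0rp/ale` paths, so presumably `--git-dir=<any other path>` or `--namespace=<x>` is not matched, and the absolute `/home/w0rp/ale` entries are specific to one machine and should be dropped rather than relied on. The header comment promises that read-only inspection is unmatched, but `branch`, `tag`, `stash`, `reflog` and `notes` with no arguments are read-only listings and are still forbidden by the first rule; say so in the comment, e.g. `# Listing forms (git branch, git tag, git stash list) are also forbidden; use git for-each-ref or git log -g instead.` Both patterns also key on the literal first token `git`, so the policy only covers commands spelled that way; the header should name what else (sandbox, hooks) is relied on for anything invoked through another path.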