NonDev Apps

Bonus 01 of 07

Safe automation in Codex - use repeatable commands, not mystery hooks

Goal: Current Codex docs emphasize clear rules, reusable skills, MCP, and helper commands - not hidden hook workflows. This bonus lesson teaches the safer automation building blocks a non-developer can actually understand and review.

What to do

01

Understand what this lesson uses instead of hooks

This course is not going to ask a beginner to rely on undocumented or version-specific hook behavior. In Codex, the safer automation primitives are: (1) clear AGENTS.md rules, (2) reusable skills from Day 15, (3) existing project scripts or helper commands, and (4) MCP connections when you truly need outside access. The common thread is that each one is inspectable. You can read it, review it, and explain it before you trust it.

02

List the commands and scripts your project already has

Before you invent anything new, inspect what already exists. Ask Codex to list the safe repeatable commands or scripts your project already exposes - package.json scripts, Makefile targets, documented npm commands, or helper scripts in the repo. The point is to reduce custom automation, not add it blindly.

03

Choose the right automation shape for one repeated task

Now pick one repeated task from your real workflow and classify it. If the task is "make Codex behave the same way every session," that belongs in AGENTS.md. If the task is "reuse the same job instructions," that belongs in a skill. If the task is "run the same local command every time," that belongs in an existing script or helper command. If the task needs outside data or outside actions, that may require MCP. You are choosing the smallest tool that solves the real problem.

04

If a command is missing, ask Codex for a proposal only

If your repeated task truly needs a one-command entry point and the project does not already have one, ask Codex for a proposal - not an implementation yet. The proposal must name the file it would change, the exact command you would run, and whether it installs anything, writes anything, or deletes anything. This is a review step only.

05

Write the decision into AGENTS.md

Record the result so future you does not have to re-decide it from scratch. Add a new section to AGENTS.md called ## Safe automation. Write: the repeated task, the mechanism you chose, why you chose it, and any mechanism you deliberately rejected for safety reasons. If you already have the right command or skill, note that too. Commit the note in GitHub Desktop after you review the diff.

Expected result

You know the safer automation primitives Codex actually supports well, you inspected the commands your project already has, you matched one repeated task to the smallest safe mechanism, and you recorded the decision in AGENTS.md.

Key takeaway

  • If you cannot read it, explain it, and review it, it is not safe automation for a non-developer. Prefer AGENTS.md rules, reusable skills, and visible commands before you reach for more powerful machinery.
Bonus 1 - Safe automation in Codex - use... - NonDev Apps