Security: netsky-lab/agent-spine

SECURITY.md

Security Policy

This repository is a template, not a deployed service, but it still contains policy files and shell scripts that teams may reuse in sensitive environments.

Reporting

If you find a security issue in the template itself, report it privately to the maintainers before opening a public issue.

Scope

Security-sensitive areas in this repository include:

  • the native .codex/ surface, especially .codex/config.toml, .codex/hooks.json, and the hook scripts under .codex/hooks/
  • shell scripts under scripts/, including the optional Claude auth helper wrappers
  • the optional Claude adapter files under .claude/ when that adapter is kept in a downstream repo
  • bootstrap and verification workflows

The canonical security contract lives in AGENTS.md and the committed .codex/ files. The .claude/ directory is an adapter layer that may mirror those rules for Claude Code, but it is not the source of truth.

For Claude Code auth in this template:

  • existing machine auth, such as a normal claude login, remains valid
  • ANTHROPIC_API_KEY is also valid
  • .claude/settings.local.json plus apiKeyHelper is supported as an optional local override, not a required baseline
  • base .claude/settings.json must not require helper-only auth

Maintainer Rule

Security-related changes should include:

  • an explicit explanation of the risk being addressed
  • updated verification where practical
  • migration notes if downstream repos may need manual changes

Downstream Policy Examples

When adopting Agent Spine downstream, review .codex/policy.json before enabling hooks in normal work.

Common examples:

  • add deploy commands to dangerous_commands until release automation is reviewed
  • add project-specific generated credential names to secret_path_patterns
  • keep allow rules narrow and command-specific instead of disabling broad protection
  • run python3 scripts/checks/check-policy.py in the template, or copy the equivalent validation into the downstream repo if policy becomes project-owned
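The checks listed above (deploy commands kept in dangerous_commands, valid secret path patterns, narrow command-specific allow rules) can be expressed as a small validator. The block below is an added illustration, not the template's own scripts/checks/check-policy.py, and it assumes a hypothetical policy.json layout with three keys: a list of dangerous_commands prefixes, a list of secret_path_patterns regexes, and a list of allow objects with command and reason fields. The sample policy and the DEPLOY_COMMANDS list are constructed for the example.

```python
"""Toy validator for a downstream policy.json, modelled on the points above.

Hypothetical schema (an assumption for this example, not Agent Spine's real one):
  {
    "dangerous_commands":   [<command prefix>, ...],
    "secret_path_patterns": [<regex>, ...],
    "allow":                [{"command": <exact command>, "reason": <text>}, ...]
  }
"""
import json
import re

# Constructed sample of what a downstream team might commit. The bare "git"
# allow rule, the unclosed regex and the missing deploy commands are
# deliberate defects so the validator has something to report.
SAMPLE_POLICY = json.dumps({
    "dangerous_commands": ["rm -rf", "git push --force"],
    "secret_path_patterns": [r"\.env$", r"id_rsa$", r"[unclosed"],
    "allow": [
        {"command": "git", "reason": "convenience"},
        {"command": "npm test", "reason": "CI parity"},
        {"command": "rm -rf build/", "reason": "clean step"},
    ],
})

# Release commands a downstream repo should keep blocked until its release
# automation has been reviewed (a constructed list, not the project's).
DEPLOY_COMMANDS = ["terraform apply", "kubectl apply", "helm upgrade"]


def load_policy(text: str) -> dict:
    """Parse policy.json and insist on the three top-level keys."""
    policy = json.loads(text)
    for key in ("dangerous_commands", "secret_path_patterns", "allow"):
        if key not in policy:
            raise ValueError(f"policy.json is missing '{key}'")
    return policy


def is_narrow(command: str) -> bool:
    """An allow rule is narrow when it names one specific invocation:
    non-empty, no glob wildcard, and at least one argument after the
    executable (a bare tool name such as 'git' allows every subcommand)."""
    if not command.strip() or "*" in command:
        return False
    return len(command.split()) >= 2


def find_issues(policy: dict) -> list[str]:
    """Return human-readable findings; an empty list means the policy passes."""
    issues = []
    dangerous = policy["dangerous_commands"]

    # Deploy commands must be covered by some dangerous_commands prefix.
    for cmd in DEPLOY_COMMANDS:
        if not any(cmd.startswith(prefix) for prefix in dangerous):
            issues.append(f"deploy command not in dangerous_commands: {cmd!r}")

    # Every secret path pattern must at least compile as a regex.
    for pat in policy["secret_path_patterns"]:
        try:
            re.compile(pat)
        except re.error as exc:
            issues.append(f"invalid secret_path_patterns regex {pat!r}: {exc}")

    # Allow rules: narrow, justified, and not silently overriding protection.
    for rule in policy["allow"]:
        cmd = rule.get("command", "")
        if not is_narrow(cmd):
            issues.append(f"allow rule too broad: {cmd!r}")
        for prefix in dangerous:
            if cmd.startswith(prefix):
                issues.append(f"allow rule {cmd!r} overrides dangerous command {prefix!r}")
        if not rule.get("reason"):
            issues.append(f"allow rule {cmd!r} has no reason")
    return issues


def check_policy_text(text: str) -> list[str]:
    """Convenience wrapper: parse then validate."""
    return find_issues(load_policy(text))


if __name__ == "__main__":
    for issue in check_policy_text(SAMPLE_POLICY):
        print("FAIL:", issue)
```

Run against the constructed sample, the validator reports six findings: three deploy commands not yet listed as dangerous, one regex that does not compile, the bare `git` allow rule, and the `rm -rf build/` allow rule that overrides a dangerous prefix (narrow, but worth a reviewer's eye). Wiring the same checks into CI is what turns the policy from a suggestion into an enforced baseline.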

There aren't any published security advisories