DEC-0014: Codex Hotfix Escalation Rule
Date: 2026-03-25
Status: Accepted
Scope: Codex operational behavior, production incidents, branch promotion
Decision
When the human uses language such as HOTFIX, production hotfix, fix production,
site is broken in production, or otherwise clearly identifies a production incident,
Codex must treat the task as a production promotion path by default, not as routine
development work.
Codex will:
- implement the fix immediately
- push the fix to main when the change is ready
- report only concrete status: fixed, pushed to main, or blocked by X
Codex will not pause to ask whether the human wants the fix applied if the human has already made the production intent explicit.
Rationale
The repo already distinguishes development from main, and it already allows deploy
incidents to go directly to main when the human chooses that path. The failure mode was
not lack of branch policy but lack of behavioral discipline: Codex treated an explicit
production hotfix as if it were ordinary development work, asked unnecessary follow-up
questions, and slowed incident response.
This decision closes that gap by making the escalation path explicit for Codex.
Operational Implications
- development remains the default branch for normal work.
- Explicit production incidents are not normal work.
- For an explicit production incident, Codex should prefer the smallest safe fix and promote it directly to main.
- If hooks fail because of unrelated files outside the hotfix scope, Codex should avoid editing those unrelated files and use the narrowest safe path to ship the isolated fix.
Follow-up
- Mirror this rule in AGENTS.md under Codex execution discipline so it is part of the primary operating contract, not only the decision log.