From b36ed415594f1bcff5e44f9dc9ee74fe54e1a652 Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Sun, 31 May 2026 09:48:50 -0400
Subject: [PATCH] docs: strengthen review dependency inspection rules

---
 AGENTS.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/AGENTS.md b/AGENTS.md
index 93d8aedca3c..413d2d02518 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -9,6 +9,8 @@ Skills own workflows; root owns hard policy and routing.
 - Replies: repo-root refs only: `extensions/telegram/src/index.ts:80`. No absolute paths, no `~/`.
 - Docs/user-visible work: `pnpm docs:list`, then read relevant docs only.
 - Fix/triage answers need source, tests, current/shipped behavior, and dependency contract proof.
+- Reviews/answers: high confidence required. Default to exhaustive relevant codebase search/read, including owners, callers, siblings, tests, docs, and upstream/dependency contracts before verdict. Diff-only review is insufficient.
+- Dependency-touching work: direct dependency inspection is mandatory when feasible; do not rely on assumptions, wrappers, or memory. Most dependencies are OSS, so read their source/docs/types. For any Codex-related code or protocol behavior, read sibling `../codex`; clone `https://github.com/openai/codex.git` there if missing, then verify against its source before verdict.
 - Dependency-backed behavior: read upstream docs/source/types first. No API/default/error/timing guesses.
 - Live-verify when feasible. Never print secrets.
 - Missing deps: `pnpm install`, retry once, then report first actionable error.