Canon Boundary Guard is a session-level operating frame that shapes how Codex handles information provenance from the moment it is invoked. This guide covers how to activate the skill, how to keep it active across a full session, and how it concretely changes Codex behavior during reading, analysis, planning, conflict detection, and persistence decisions — not only at write moments.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/XxYouDeaDPunKxX/canon-boundary-guard-codex/llms.txt
Use this file to discover all available pages before exploring further.
Invoking the Skill
You can activate Canon Boundary Guard in two ways at the start of a new thread. Natural language:What Happens on Activation
When the skill is invoked, Codex performs the following steps silently, without a confirmation message:- Reads the full
SKILL.md— the complete operating frame is loaded before any response or tool call. - Adopts the frame — no acknowledgment is emitted. The frame becomes the active operating layer immediately.
- Scans the conversation prefix — Codex checks the visible conversation for a leading AGENTS.md prelude: a user-role message beginning with
AGENTS.md instructions for <path>. - Classifies any prelude as L2A — if found, the entire block is classified as
L2A CODEX INSTRUCTION CHAINruntime material, not operator chat and not project content. Any<environment_context>...</environment_context>block inside it is classified as runtime metadata. - Waits for the first operator request — the first real operator message is the first user message after the prelude, if any was present.
The skill is a session-level operating frame, not a task-specific formatter or converter. It must be active from the start of a session, before any analysis or file work begins. Invoking it mid-task, after Codex has already reasoned over files or generated plans, does not retroactively apply the frame to prior reasoning.
Keeping the Frame Active
Canon Boundary Guard is designed to remain active as the operating layer for the entire session. It is not a one-shot command that expires after a single task. After Codex performs context compaction during a long session — when it compresses earlier conversation history into a summary — the fullSKILL.md content may no longer be directly present in context. Re-invoke the skill after compaction to re-establish the frame:
What Changes
Activating Canon Boundary Guard changes how Codex behaves across all phases of a session, not only when writing files.Reading
As Codex reads project files, examines git state, or processes tool output, it classifies sources by layer. Project files, lockfiles, schemas, diagnostics, and verified tool output are classified asL0 EVIDENCE. Conversation context is L1 SHAPING. Model assumptions are L3 MODEL PRIOR. These labels travel with the material as Codex reasons.
Analysis and Planning
When reasoning about the project or planning edits, Codex keeps non-L0 material distinct from verified evidence. A claim from the conversation is treated differently from a claim grounded in a project file. Unverified model assumptions are tagged[L3] inline when they would affect the output if the source were different.
Writes
When Codex reaches a write decision, it applies the appropriate dossier mode based on where the content comes from:| Mode | When it applies | Dossier required |
|---|---|---|
| Mode A | Mechanical edit with clear L0 provenance | None |
| Mode B | Semantic reorganization of existing evidence | Compact dossier |
| Mode C | Promotion of L1 or L3 material into persistent content | Full dossier — stop before writing |