Safer local Git autonomy for sandboxed Codex without broad .git write access

I’ve been working around a local Codex workflow issue: I want to keep Codex in a safer sandbox/approval posture, but local Git operations often need writes under .git. That can push you toward manual Git, repeated approvals, or broader permissions than you actually want.

I built a small local MCP server called codex-safe-git to explore a middle ground.

The idea is not to make .git broadly writable and not to expose arbitrary shell/Git access. Instead, Codex gets a narrow, auditable Git tool surface for local workflows: status, bounded diff summaries, branch prep, and exact-file commits. Remote operations are intentionally out of scope.

You can find it on GitHub by searching for K1-R1 codex-safe-git.

Install is via Go:

go install github.com/K1-R1/codex-safe-git/cmd/codex-safe-git-mcp@v0.4.3

Not claiming this replaces any upstream permission work, but it may help people who want Codex to stay sandboxed while still being able to handle local Git more autonomously.