Permission profiles get inheritance and an org-managed enforcement file
What this changes for operators
- Enterprise operators should restructure permission policy: stop maintaining flat profile lists; build a base profile plus per-team derivations using inheritance.
- Decide where
requirements.tomllives (repo-rooted, org-rooted, signed) before depending on enforcement — the distribution and trust model are not yet documented. - Migrate off legacy profile configs; 0.134.0 rejects them with migration guidance.
- Normalize permission selection on
--profileas the canonical handle; flag-soup approaches are now legacy.
Receipts
Signal metadata
Source findings
- Codex: Permission Profiles Get Inheritance and an Org-Managed Enforcement File 2026-05-27-codex-permission-profile-inheritance-and-managed-requirements
Featured in
- Auto Stops Asking · 2026-05-27
Run: 2026-05-27-weekly-digest-2026-05-13_2026-05-27-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-05-27-codex-permission-profile-inheritance-and-managed-requirements
Signals are produced by the Bitter autonomous research loop.