NightPilot / 夜航员
A lightweight Codex autonomy layer for long-running, low-interruption development.
English · 简体中文 · Quickstart · Architecture · FAQ
NightPilot helps Codex stay useful during long development runs. It turns a rough product goal into a durable local workflow with state files, task queues, retry classification, worktree isolation, context handoffs, verification evidence, resource guards, and release privacy checks.
It does not replace Codex. It does not bypass Codex internals, OAuth, payment, missing secrets, CAPTCHA, powered-off machines, or platform outages.
Long Codex sessions often fail for operational reasons rather than coding reasons:
- approval prompts interrupt unattended work;
- network timeouts or package registry failures stop the whole run;
- long conversations drift or lose important decisions;
- multiple tasks collide in the same working tree;
- logs, caches, and run artifacts grow without bounds;
- old conversations need a low-cost way to adopt the workflow;
- release packages can accidentally include private local state.
NightPilot adds an operating layer around the original Codex mechanics instead of pretending to change the model or the Codex platform.
Use this in any Codex conversation inside a project:
Use NightPilot / 夜航员 ($codex-autonomous-dev) to take over this project in full-auto unattended development mode. Goal: <your goal>. Execute directly; do not only give steps.
Chinese version:
使用 NightPilot / 夜航员($codex-autonomous-dev)接管当前项目,进入全自动无人开发模式。目标是:<你的目标>。请直接执行,不要只给步骤。
When loaded, the skill should run the low-cost activation path:
python <controller> activate --goal "<your goal>"When the user explicitly wants the machine to keep running unattended:
python <controller> activate --goal "<your goal>" --start-loop| Capability | What NightPilot does |
|---|---|
| Low-cost old conversation takeover | One sentence can trigger project inspection, state initialization, hardening, goal adoption, readiness audit, and optional run loop start. |
| Old workflow retrofit | retrofit-state writes the latest runtime guardrails into queued task prompts so older loops can pass them to future workers. |
| Permission hardening | Adds non-interactive Codex child-process settings where Codex supports them; future Codex defaults are hardened only when --harden-global is used. |
| Honest authorization handling | Parks real login/OAuth/payment/secret blockers instead of pretending to bypass them. |
| Network resilience | Classifies transient network failures, retries with bounded backoff and jitter, then parks only the affected task if needed. |
| Anti-hallucination recovery guard | Network failures must not rewrite OS networking, restart/reinstall Codex, reopen the parent Codex app, or create a replacement Codex. |
| Durable task queue | Stores queue, runs, blockers, and conversation summaries in .codex-autonomous/. |
| Worktree isolation | Uses branch/worktree lanes for implementation tasks when the target project is a Git repository. |
| Long-context management | Logs decisions, compacts noisy conversations, recalls state, and exports handoff packages. |
| Resource guard | Checks memory, disk, and active worker pressure before long loops. |
| Retention cleanup | Bounds run directories and log size so long runs do not become cache/log leaks. |
| Privacy gate | Scans release packages for local paths, runtime state, caches, logs, and secret-like content before publishing. |
flowchart LR
A["User goal"] --> B["NightPilot skill trigger"]
B --> C["activate"]
C --> D[".codex-autonomous state"]
D --> E["Task queue"]
E --> F["Git worktree when safe"]
F --> G["codex exec worker"]
G --> H["Verification"]
H --> I{"Result"}
I -->|passed| J["verified"]
I -->|missing evidence| K["needs_verification"]
I -->|network retryable| L["retry_wait"]
I -->|network exhausted| O["blocked_network"]
I -->|auth required| M["blocked_auth"]
I -->|resource pressure| N["retry_wait / pause"]
git clone https://github.com/Dear-Ded/nightpilot-codex <plugins-dir>/codex-autonomous-dev
codex plugin add codex-autonomous-dev@personalThis fallback is important for old conversations and local experiments:
mkdir -Force ~/.codex/skills/codex-autonomous-dev
Copy-Item ./skills/codex-autonomous-dev/* ~/.codex/skills/codex-autonomous-dev/ -Recurse -Forcepython <controller> activate --goal "Build the requested product"
python <controller> activate --goal "Build the requested product" --start-loop
python <controller> activate --goal "Build the requested product" --harden-global
python <controller> sleep-ready
python <controller> retrofit-state
python <controller> audit-permissions
python <controller> status
python <controller> doctor
python <controller> cleanup --dry-run
python <controller> privacy-scan --path <publish-dir> --fail
python <controller> recall-context
python <controller> export-context-handoff
python <controller> run-loop --max-cycles 0NightPilot can reduce interruptions, recover state, and continue independent work. It cannot make unsafe or impossible guarantees.
It can:
- reduce approval prompts for Codex child processes it owns;
- set future Codex defaults when the user explicitly uses global hardening;
- retry transient network failures with bounded backoff;
- park real authorization blockers and continue unrelated work;
- keep long-running state outside the chat context;
- pause when the device is under resource pressure.
It cannot:
- change an already-running parent Codex turn's approval policy;
- bypass real login, OAuth, payment, CAPTCHA, missing secrets, or external account permissions;
- keep a sleeping or powered-off machine running;
- guarantee external platform availability;
- safely publish, pay, broadly delete, reset, or enter credentials without explicit user intent;
- recover from network failures by rewriting OS network settings or Codex itself.
.codex-plugin/
plugin.json
assets/
docs/
scripts/
autonomous_dev.py
autonomous_dev_selftest.py
skills/
codex-autonomous-dev/
SKILL.md
NIGHTPILOT_REQUIREMENTS_LOCK.md
references/
python scripts/autonomous_dev_selftest.py
python scripts/autonomous_dev.py doctor
python scripts/autonomous_dev.py privacy-scan --path . --failMIT