diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..f6a296d --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,15 @@ +# Agent Instructions + +These rules apply to all agent-driven work in this repository. + +## Git Workflow + +- Do not push directly to `main`. +- Make every change on a small topic branch. +- Open a pull request for every change, including documentation-only changes. +- Keep PRs incremental and focused on one concern. +- Run `bash scripts/publish-check.sh` before opening or updating a PR. +- Do not merge automated dependency or security PRs without reviewing the diff. + +The only exception was the initial repository publication. Future Codex work +should use pull requests. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 644cd78..6a60cd1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -27,3 +27,16 @@ file-specific, and justified by tests or documentation examples. Use concise, human-readable commit messages. Do not include AI attribution footers or generated-by text in commits. + +## Pull Request Policy + +All changes should go through pull requests. Do not push directly to `main`. + +Keep PRs small: + +- one feature, fix, or documentation update per PR +- clear title and summary +- publish-check output included when relevant +- no unrelated cleanup mixed into the same branch + +This policy applies to agent-authored work as well as human-authored work. diff --git a/docs/PUBLICATION_CHECKLIST.md b/docs/PUBLICATION_CHECKLIST.md index d8a5b0a..9352439 100644 --- a/docs/PUBLICATION_CHECKLIST.md +++ b/docs/PUBLICATION_CHECKLIST.md 
@@ -2,27 +2,35 @@ Run these from the repository root before pushing publicly. -1. Confirm there are no private staging folders: +1. Create a topic branch. Do not push directly to `main`. + +```bash +git checkout -b your-change-name +``` + +2. Confirm there are no private staging folders: ```bash find . -name .git -type d -prune -print find . -name '*.lock' -o -name '.DS_Store' ``` -2. Run the bundled publish check: +3. Run the bundled publish check: ```bash bash scripts/publish-check.sh ``` -3. Check for personal identifiers: +4. Check for personal identifiers: ```bash rg -n --hidden 'your-real-email@example.com|/Users/yourname|phone|token|password' . ``` -4. Review `.security-allowlist` manually. Every entry should be narrow and +5. Review `.security-allowlist` manually. Every entry should be narrow and explainable. -5. Confirm any `.env`, session, credential, backup, and local profile files are +6. Confirm any `.env`, session, credential, backup, and local profile files are excluded by `.gitignore`. + +7. Open a pull request.
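Review bot: In AGENTS.md, the closing sentence "Future Codex work should use pull requests" narrows the rule to one tool, while the file opens with "These rules apply to all agent-driven work in this repository". Suggest "Future agent work should use pull requests" so the exception paragraph matches the scope of the heading. The bullet "Do not push directly to `main`" is also only an instruction; nothing in this patch enforces it, so consider stating that it is expected to be backed by branch protection on `main`.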
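Review bot: In the CONTRIBUTING.md "Pull Request Policy" list, "publish-check output included when relevant" is looser than the AGENTS.md bullet added in this same patch, which requires `bash scripts/publish-check.sh` before opening or updating any PR. Pick one rule and use it in both files, for example stating in every PR that the check was run and whether it passed. If output is pasted into a PR, the policy should say to redact matched values first, since a check run before publishing may print the very strings it flags.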
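Review bot: In docs/PUBLICATION_CHECKLIST.md, new step 7 "Open a pull request" skips the push that has to happen before a PR exists, while the unchanged intro still says "Run these from the repository root before pushing publicly". Pushing the topic branch from step 1 already publishes its contents, so the list should state explicitly that steps 2 to 6 must pass before `git push`, with opening the PR as the step after that. Steps 2 to 6 inspect the working tree, so it is also worth saying they should be rerun after the final commit so that what is pushed matches what was checked.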