Add guardian review context to PermissionRequest hooks

Run guardian before Bash PermissionRequest hooks when approvals are already routed to guardian, pass the review into the hook input as advisory context, and reuse the guardian decision when hooks stay quiet. Co-authored-by: Codex <noreply@openai.com>
2026-04-26 15:45:02 +00:00 · 2026-04-10 16:35:49 -07:00
parent 07896f7f2e
commit a05fe33cc9
12 changed files with 721 additions and 65 deletions
--- a/codex-rs/hooks/schema/generated/permission-request.command.input.schema.json
+++ b/codex-rs/hooks/schema/generated/permission-request.command.input.schema.json
@@ -8,6 +8,98 @@
        "null"
      ]
    },
+    "PermissionRequestApprovalReviewDecisionWire": {
+      "enum": [
+        "allow",
+        "deny"
+      ],
+      "type": "string"
+    },
+    "PermissionRequestApprovalReviewRiskLevelWire": {
+      "enum": [
+        "low",
+        "medium",
+        "high",
+        "critical"
+      ],
+      "type": "string"
+    },
+    "PermissionRequestApprovalReviewStatusWire": {
+      "enum": [
+        "approved",
+        "denied",
+        "aborted",
+        "failed",
+        "timed_out"
+      ],
+      "type": "string"
+    },
+    "PermissionRequestApprovalReviewUserAuthorizationWire": {
+      "enum": [
+        "unknown",
+        "low",
+        "medium",
+        "high"
+      ],
+      "type": "string"
+    },
+    "PermissionRequestApprovalReviewWire": {
+      "additionalProperties": false,
+      "properties": {
+        "decision": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PermissionRequestApprovalReviewDecisionWire"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "rationale": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "risk_level": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PermissionRequestApprovalReviewRiskLevelWire"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "source": {
+          "const": "guardian",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "#/definitions/PermissionRequestApprovalReviewStatusWire"
+        },
+        "user_authorization": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PermissionRequestApprovalReviewUserAuthorizationWire"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        }
+      },
+      "required": [
+        "decision",
+        "rationale",
+        "risk_level",
+        "source",
+        "status",
+        "user_authorization"
+      ],
+      "type": "object"
+    },
    "PermissionRequestToolInput": {
      "additionalProperties": false,
      "properties": {
@@ -22,6 +114,16 @@
    }
  },
  "properties": {
+    "approval_review": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/PermissionRequestApprovalReviewWire"
+        },
+        {
+          "type": "null"
+        }
+      ]
+    },
    "cwd": {
      "type": "string"
    },
@@ -61,6 +163,7 @@
    }
  },
  "required": [
+    "approval_review",
    "cwd",
    "hook_event_name",
    "model",