mirror of
https://github.com/openai/codex.git
synced 2026-05-15 08:42:34 +00:00
913aad4d3c
## Why Enterprise-managed hook policy needs a narrow way to require Codex to ignore user-controlled lifecycle hooks without adopting the broader trust-precedence model from earlier hook work. This keeps the policy anchored in `requirements.toml`, so admins can opt into managed hooks only while normal `config.toml` files cannot enable the restriction themselves. ## What changed - Added `allow_managed_hooks_only` to the requirements data flow and preserved explicit `false` values. - Also adds it to /debug-config - Marked MDM, system, and legacy managed config layers as managed for hook discovery. - Updated hook discovery so `allow_managed_hooks_only = true`: - keeps managed requirements hooks and managed config-layer hooks, - skips user/project/session `hooks.json` and `[hooks]` entries with concise startup warnings, - skips current unmanaged plugin hooks, - ignores any `allow_managed_hooks_only` key placed in ordinary `config.toml` layers.
16 lines
726 B
Markdown
16 lines
726 B
Markdown
# Configuration
|
|
|
|
For basic configuration instructions, see [this documentation](https://developers.openai.com/codex/config-basic).
|
|
|
|
For advanced configuration instructions, see [this documentation](https://developers.openai.com/codex/config-advanced).
|
|
|
|
For a full configuration reference, see [this documentation](https://developers.openai.com/codex/config-reference).
|
|
|
|
## Lifecycle hooks
|
|
|
|
Admins can set top-level `allow_managed_hooks_only = true` in
|
|
`requirements.toml` to ignore user, project, and session hook configs while
|
|
still allowing managed hooks from requirements and managed config layers. This
|
|
setting is only supported in `requirements.toml`; putting it in `config.toml`
|
|
does not enable managed-hooks-only mode.
|