mirror of https://github.com/openai/codex.git synced 2026-05-14 08:12:36 +00:00

Files

Abhinav 0452dca986 hook trust metadata and enforcement (#20321 )

# Why

We want shared hook trust that both the app and the TUI can build on,
but the metadata is only useful if runtime behavior agrees with it. This
PR adds a single backend trust model for hooks so unmanaged hooks cannot
run until the current definition has been reviewed, while managed hooks
remain runnable and non-configurable.

# What

- persist `trusted_hash` alongside hook state in `config.toml`
- expose `currentHash` and derived `trustStatus` through `hooks/list`
- derive trust from normalized hook definitions so equivalent hooks from
`config.toml` and `hooks.json` share the same trust identity
- gate unmanaged hooks on trust before they enter the runnable handler
set

# Reviewer Notes

- key file to review is `codex-rs/hooks/src/engine/discovery.rs`
- the only **core** change is schema related

2026-05-05 19:13:55 +00:00

src

hook trust metadata and enforcement (#20321 )

2026-05-05 19:13:55 +00:00

BUILD.bazel

fix(core) Preserve base_instructions in SessionMeta (#9427 )

2026-01-19 21:59:36 -08:00

Cargo.toml

[codex] Move config loading into codex-config (#19487 )

2026-04-26 15:10:53 -07:00

README.md

fix: separate codex mcp into codex mcp-server and codex app-server (#4471 )

2025-09-30 07:06:18 +00:00

README.md

codex-protocol

This crate defines the "types" for the protocol used by Codex CLI, which includes both "internal types" for communication between codex-core and codex-tui, as well as "external types" used with codex app-server.

This crate should have minimal dependencies.

Ideally, we should avoid "material business logic" in this crate, as we can always introduce Ext-style traits to add functionality to types in other crates.