mirror of
https://github.com/openai/codex.git
synced 2026-04-26 23:55:25 +00:00
73bbb07ba8
- add `PreToolUse` hook for bash-like tool execution only at first - block shell execution before dispatch with deny-only hook behavior - introduces common.rs matcher framework for matching when hooks are run example run: ``` › run three parallel echo commands, and the second one should echo "[block-pre-tool-use]" as a test • Running the three echo commands in parallel now and I’ll report the output directly. • Running PreToolUse hook: name for demo pre tool use hook • Running PreToolUse hook: name for demo pre tool use hook • Running PreToolUse hook: name for demo pre tool use hook PreToolUse hook (completed) warning: wizard-tower PreToolUse demo inspected Bash: echo "first parallel echo" PreToolUse hook (blocked) warning: wizard-tower PreToolUse demo blocked a Bash command on purpose. feedback: PreToolUse demo blocked the command. Remove [block-pre-tool-use] to continue. PreToolUse hook (completed) warning: wizard-tower PreToolUse demo inspected Bash: echo "third parallel echo" • Ran echo "first parallel echo" └ first parallel echo • Ran echo "third parallel echo" └ third parallel echo • Three little waves went out in parallel. 1. printed first parallel echo 2. was blocked before execution because it contained the exact test string [block-pre-tool-use] 3. printed third parallel echo There was also an unrelated macOS defaults warning around the successful commands, but the echoes themselves worked fine. If you want, I can rerun the second one with a slightly modified string so it passes cleanly. ```
80 lines
1.5 KiB
JSON
80 lines
1.5 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"additionalProperties": false,
|
|
"definitions": {
|
|
"NullableString": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"PreToolUseToolInput": {
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"command": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"command"
|
|
],
|
|
"type": "object"
|
|
}
|
|
},
|
|
"properties": {
|
|
"cwd": {
|
|
"type": "string"
|
|
},
|
|
"hook_event_name": {
|
|
"const": "PreToolUse",
|
|
"type": "string"
|
|
},
|
|
"model": {
|
|
"type": "string"
|
|
},
|
|
"permission_mode": {
|
|
"enum": [
|
|
"default",
|
|
"acceptEdits",
|
|
"plan",
|
|
"dontAsk",
|
|
"bypassPermissions"
|
|
],
|
|
"type": "string"
|
|
},
|
|
"session_id": {
|
|
"type": "string"
|
|
},
|
|
"tool_input": {
|
|
"$ref": "#/definitions/PreToolUseToolInput"
|
|
},
|
|
"tool_name": {
|
|
"const": "Bash",
|
|
"type": "string"
|
|
},
|
|
"tool_use_id": {
|
|
"type": "string"
|
|
},
|
|
"transcript_path": {
|
|
"$ref": "#/definitions/NullableString"
|
|
},
|
|
"turn_id": {
|
|
"description": "Codex extension: expose the active turn id to internal turn-scoped hooks.",
|
|
"type": "string"
|
|
}
|
|
},
|
|
"required": [
|
|
"cwd",
|
|
"hook_event_name",
|
|
"model",
|
|
"permission_mode",
|
|
"session_id",
|
|
"tool_input",
|
|
"tool_name",
|
|
"tool_use_id",
|
|
"transcript_path",
|
|
"turn_id"
|
|
],
|
|
"title": "pre-tool-use.command.input",
|
|
"type": "object"
|
|
} |