codex-destructive-shell-guard
Block critical destructive shell commands in Codex.
hook
PreToolUse
codex
mode: enforce
config/hook-registry.json (entry) hooks/wagents-hook.py (policy)
Block critical destructive shell commands in Codex.
Registry Entry
Section titled “Registry Entry”| Field | Value |
|---|---|
| id | codex-destructive-shell-guard |
| status_message | Checking shell safety |
| mode | enforce |
| logical_event | PreToolUse |
| matcher | Bash|bash|run_shell_command|shell|terminal |
| command | python3 {repo_root}/hooks/wagents-hook.py codex-destructive-shell-guard --harness {harness} |
| timeout | 5 |
| harnesses | ["codex"] |
Full hook config + command reference
{ "id": "codex-destructive-shell-guard", "description": "Block critical destructive shell commands in Codex.", "status_message": "Checking shell safety", "mode": "enforce", "logical_event": "PreToolUse", "matcher": "Bash|bash|run_shell_command|shell|terminal", "command": "python3 {repo_root}/hooks/wagents-hook.py codex-destructive-shell-guard --harness {harness}", "timeout": 5, "harnesses": [ "codex" ]}def _policy_codex_destructive_shell_guard(payload: NormalizedPayload) -> int: if _tool_name(payload) not in SHELL_TOOL_NAMES and not payload.command: return 0 reason = _destructive_shell_reason(payload.command) if reason: return _deny(payload, reason, policy_id="codex-destructive-shell-guard") return 0Command: python3 .../wagents-hook.py codex-destructive-shell-guard --harness codex
Resources
Section titled “Resources” Hooks Hub All repo-managed lifecycle hooks.
wagents hooks Inspect and validate hooks via CLI.