codex-permission-request-guard
Deny high-risk Codex permission requests and otherwise preserve the normal approval flow.
hook
PermissionRequest
codex
mode: enforce
config/hook-registry.json (entry) hooks/wagents-hook.py (policy)
Deny high-risk Codex permission requests and otherwise preserve the normal approval flow.
Registry Entry
Section titled “Registry Entry”| Field | Value |
|---|---|
| id | codex-permission-request-guard |
| status_message | Checking approval request safety |
| mode | enforce |
| logical_event | PermissionRequest |
| command | python3 {repo_root}/hooks/wagents-hook.py codex-permission-request-guard --harness {harness} |
| timeout | 5 |
| harnesses | ["codex"] |
Full hook config + command reference
{ "id": "codex-permission-request-guard", "description": "Deny high-risk Codex permission requests and otherwise preserve the normal approval flow.", "status_message": "Checking approval request safety", "mode": "enforce", "logical_event": "PermissionRequest", "command": "python3 {repo_root}/hooks/wagents-hook.py codex-permission-request-guard --harness {harness}", "timeout": 5, "harnesses": [ "codex" ]}def _policy_codex_permission_request_guard(payload: NormalizedPayload) -> int: reason = _destructive_shell_reason(payload.command) or _protected_payload_reason(payload) if reason: return _codex_permission_deny(payload, reason, "codex-permission-request-guard") return 0Command: python3 .../wagents-hook.py codex-permission-request-guard --harness codex
Resources
Section titled “Resources” Hooks Hub All repo-managed lifecycle hooks.
wagents hooks Inspect and validate hooks via CLI.