Skip to content

feat(hooks): add managed hooks #15937

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
viyatb-oai wants to merge 7 commits into
base: codex/viyatb/hooks-trust-precedence
Choose a base branch
from
Open

feat(hooks): add managed hooks #15937

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
b04edb1
feat: add managed hooks lockdown
viyatb-oai Mar 27, 2026
de886c5
style: format hook safety imports
viyatb-oai Apr 7, 2026
c5decba
fix: annotate managed hook test literal
viyatb-oai Apr 7, 2026
5ab034b
fix: complete managed hooks requirements tests
viyatb-oai Apr 7, 2026
9d16a0a
chore: merge hooks precedence into hook safety controls
viyatb-oai Apr 16, 2026
645f872
Merge branch 'codex/viyatb/hooks-trust-precedence' of github.com:open…
viyatb-oai Apr 16, 2026
9b4fdd5
Merge branch 'codex/viyatb/hooks-trust-precedence' of github.com:open…
viyatb-oai Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6873,6 +6873,12 @@
},
"ConfigRequirements": {
"properties": {
"allowManagedHooksOnly": {
"type": [
"boolean",
"null"
]
},
"allowedApprovalPolicies": {
"items": {
"$ref": "#/definitions/v2/AskForApproval"
Expand Down
6 changes: 6 additions & 0 deletions codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3490,6 +3490,12 @@
},
"ConfigRequirements": {
"properties": {
"allowManagedHooksOnly": {
"type": [
"boolean",
"null"
]
},
"allowedApprovalPolicies": {
"items": {
"$ref": "#/definitions/AskForApproval"
Expand Down
6 changes: 6 additions & 0 deletions codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,12 @@
},
"ConfigRequirements": {
"properties": {
"allowManagedHooksOnly": {
"type": [
"boolean",
"null"
]
},
"allowedApprovalPolicies": {
"items": {
"$ref": "#/definitions/AskForApproval"
Expand Down
2 changes: 1 addition & 1 deletion codex-rs/app-server-protocol/schema/typescript/v2/ConfigRequirements.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,4 @@ import type { AskForApproval } from "./AskForApproval";
import type { ResidencyRequirement } from "./ResidencyRequirement";
import type { SandboxMode } from "./SandboxMode";

export type ConfigRequirements = {allowedApprovalPolicies: Array<AskForApproval> | null, allowedSandboxModes: Array<SandboxMode> | null, allowedWebSearchModes: Array<WebSearchMode> | null, featureRequirements: { [key in string]?: boolean } | null, enforceResidency: ResidencyRequirement | null};
export type ConfigRequirements = {allowedApprovalPolicies: Array<AskForApproval> | null, allowedSandboxModes: Array<SandboxMode> | null, allowedWebSearchModes: Array<WebSearchMode> | null, allowManagedHooksOnly: boolean | null, featureRequirements: { [key in string]?: boolean } | null, enforceResidency: ResidencyRequirement | null};
2 changes: 2 additions & 0 deletions codex-rs/app-server-protocol/src/protocol/v2.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -889,6 +889,7 @@ pub struct ConfigRequirements {
pub allowed_approvals_reviewers: Option<Vec<ApprovalsReviewer>>,
pub allowed_sandbox_modes: Option<Vec<SandboxMode>>,
pub allowed_web_search_modes: Option<Vec<WebSearchMode>>,
pub allow_managed_hooks_only: Option<bool>,
pub feature_requirements: Option<BTreeMap<String, bool>>,
pub enforce_residency: Option<ResidencyRequirement>,
#[experimental("configRequirements/read.network")]
Expand Down Expand Up @@ -7720,6 +7721,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
feature_requirements: None,
enforce_residency: None,
network: None,
Expand Down
2 changes: 1 addition & 1 deletion codex-rs/app-server/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,7 +204,7 @@ Example with notification opt-out:
- `externalAgentConfig/import` — apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home) and any plugin `details` returned by detect.
- `config/value/write` — write a single config key/value to the user's config.toml on disk.
- `config/batchWrite` — apply multiple config edits atomically to the user's config.toml on disk, with optional `reloadUserConfig: true` to hot-reload loaded threads.
- `configRequirements/read` — fetch loaded requirements constraints from `requirements.toml` and/or MDM (or `null` if none are configured), including allow-lists (`allowedApprovalPolicies`, `allowedSandboxModes`, `allowedWebSearchModes`), pinned feature values (`featureRequirements`), `enforceResidency`, and `network` constraints such as canonical domain/socket permissions plus `managedAllowedDomainsOnly`.
- `configRequirements/read` — fetch loaded requirements constraints from `requirements.toml` and/or MDM (or `null` if none are configured), including allow-lists (`allowedApprovalPolicies`, `allowedSandboxModes`, `allowedWebSearchModes`), `allowManagedHooksOnly`, pinned feature values (`featureRequirements`), `enforceResidency`, and `network` constraints such as canonical domain/socket permissions plus `managedAllowedDomainsOnly` and `dangerFullAccessDenylistOnly`.

### Example: Start or resume a thread

Expand Down
5 changes: 5 additions & 0 deletions codex-rs/app-server/src/config_api.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -391,6 +391,7 @@ fn map_requirements_toml_to_api(requirements: ConfigRequirementsToml) -> ConfigR
}
normalized
}),
allow_managed_hooks_only: requirements.allow_managed_hooks_only,
feature_requirements: requirements
.feature_requirements
.map(|requirements| requirements.entries),
Expand Down Expand Up @@ -566,6 +567,7 @@ mod tests {
allowed_web_search_modes: Some(vec![
codex_core::config_loader::WebSearchModeRequirement::Cached,
]),
allow_managed_hooks_only: Some(true),
guardian_policy_config: None,
feature_requirements: Some(codex_core::config_loader::FeatureRequirementsToml {
entries: std::collections::BTreeMap::from([
Expand Down Expand Up @@ -631,6 +633,7 @@ mod tests {
mapped.allowed_web_search_modes,
Some(vec![WebSearchMode::Cached, WebSearchMode::Disabled]),
);
assert_eq!(mapped.allow_managed_hooks_only, Some(true));
assert_eq!(
mapped.feature_requirements,
Some(std::collections::BTreeMap::from([
Expand Down Expand Up @@ -675,6 +678,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -732,6 +736,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: Some(Vec::new()),
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down
16 changes: 16 additions & 0 deletions codex-rs/cloud-requirements/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1165,6 +1165,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1194,6 +1195,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1223,6 +1225,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1269,6 +1272,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1351,6 +1355,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1423,6 +1428,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1493,6 +1499,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1690,6 +1697,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1725,6 +1733,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1780,6 +1789,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1830,6 +1840,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1884,6 +1895,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1939,6 +1951,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -1994,6 +2007,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -2082,6 +2096,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down Expand Up @@ -2109,6 +2124,7 @@ enabled = false
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
guardian_policy_config: None,
feature_requirements: None,
mcp_servers: None,
Expand Down
21 changes: 21 additions & 0 deletions codex-rs/config/src/config_requirements.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ pub struct ConfigRequirements {
pub approvals_reviewer: ConstrainedWithSource<ApprovalsReviewer>,
pub sandbox_policy: ConstrainedWithSource<SandboxPolicy>,
pub web_search_mode: ConstrainedWithSource<WebSearchMode>,
pub allow_managed_hooks_only: Option<Sourced<bool>>,
pub feature_requirements: Option<Sourced<FeatureRequirementsToml>>,
pub mcp_servers: Option<Sourced<BTreeMap<String, McpServerRequirement>>>,
pub exec_policy: Option<Sourced<RequirementsExecPolicy>>,
Expand Down Expand Up @@ -109,6 +110,7 @@ impl Default for ConfigRequirements {
Constrained::allow_any(WebSearchMode::Cached),
/*source*/ None,
),
allow_managed_hooks_only: None,
feature_requirements: None,
mcp_servers: None,
exec_policy: None,
Expand Down Expand Up @@ -496,6 +498,7 @@ pub struct ConfigRequirementsToml {
pub allowed_approvals_reviewers: Option<Vec<ApprovalsReviewer>>,
pub allowed_sandbox_modes: Option<Vec<SandboxModeRequirement>>,
pub allowed_web_search_modes: Option<Vec<WebSearchModeRequirement>>,
pub allow_managed_hooks_only: Option<bool>,
#[serde(rename = "features", alias = "feature_requirements")]
pub feature_requirements: Option<FeatureRequirementsToml>,
pub mcp_servers: Option<BTreeMap<String, McpServerRequirement>>,
Expand Down Expand Up @@ -535,6 +538,7 @@ pub struct ConfigRequirementsWithSources {
pub allowed_approvals_reviewers: Option<Sourced<Vec<ApprovalsReviewer>>>,
pub allowed_sandbox_modes: Option<Sourced<Vec<SandboxModeRequirement>>>,
pub allowed_web_search_modes: Option<Sourced<Vec<WebSearchModeRequirement>>>,
pub allow_managed_hooks_only: Option<Sourced<bool>>,
pub feature_requirements: Option<Sourced<FeatureRequirementsToml>>,
pub mcp_servers: Option<Sourced<BTreeMap<String, McpServerRequirement>>>,
pub apps: Option<Sourced<AppsRequirementsToml>>,
Expand Down Expand Up @@ -567,6 +571,7 @@ impl ConfigRequirementsWithSources {
allowed_approvals_reviewers: _,
allowed_sandbox_modes: _,
allowed_web_search_modes: _,
allow_managed_hooks_only: _,
feature_requirements: _,
mcp_servers: _,
apps: _,
Expand All @@ -593,6 +598,7 @@ impl ConfigRequirementsWithSources {
allowed_approvals_reviewers,
allowed_sandbox_modes,
allowed_web_search_modes,
allow_managed_hooks_only,
feature_requirements,
mcp_servers,
rules,
Expand All @@ -617,6 +623,7 @@ impl ConfigRequirementsWithSources {
allowed_approvals_reviewers,
allowed_sandbox_modes,
allowed_web_search_modes,
allow_managed_hooks_only,
feature_requirements,
mcp_servers,
apps,
Expand All @@ -630,6 +637,7 @@ impl ConfigRequirementsWithSources {
allowed_approvals_reviewers: allowed_approvals_reviewers.map(|sourced| sourced.value),
allowed_sandbox_modes: allowed_sandbox_modes.map(|sourced| sourced.value),
allowed_web_search_modes: allowed_web_search_modes.map(|sourced| sourced.value),
allow_managed_hooks_only: allow_managed_hooks_only.map(|sourced| sourced.value),
feature_requirements: feature_requirements.map(|sourced| sourced.value),
mcp_servers: mcp_servers.map(|sourced| sourced.value),
apps: apps.map(|sourced| sourced.value),
Expand Down Expand Up @@ -680,6 +688,7 @@ impl ConfigRequirementsToml {
&& self.allowed_approvals_reviewers.is_none()
&& self.allowed_sandbox_modes.is_none()
&& self.allowed_web_search_modes.is_none()
&& self.allow_managed_hooks_only.is_none()
&& self
.feature_requirements
.as_ref()
Expand Down Expand Up @@ -708,6 +717,7 @@ impl TryFrom<ConfigRequirementsWithSources> for ConfigRequirements {
allowed_approvals_reviewers,
allowed_sandbox_modes,
allowed_web_search_modes,
allow_managed_hooks_only,
feature_requirements,
mcp_servers,
apps: _apps,
Expand Down Expand Up @@ -924,6 +934,7 @@ impl TryFrom<ConfigRequirementsWithSources> for ConfigRequirements {
approvals_reviewer,
sandbox_policy,
web_search_mode,
allow_managed_hooks_only,
feature_requirements,
mcp_servers,
exec_policy,
Expand Down Expand Up @@ -961,6 +972,7 @@ mod tests {
allowed_approvals_reviewers,
allowed_sandbox_modes,
allowed_web_search_modes,
allow_managed_hooks_only,
feature_requirements,
mcp_servers,
apps,
Expand All @@ -978,6 +990,8 @@ mod tests {
.map(|value| Sourced::new(value, RequirementSource::Unknown)),
allowed_web_search_modes: allowed_web_search_modes
.map(|value| Sourced::new(value, RequirementSource::Unknown)),
allow_managed_hooks_only: allow_managed_hooks_only
.map(|value| Sourced::new(value, RequirementSource::Unknown)),
feature_requirements: feature_requirements
.map(|value| Sourced::new(value, RequirementSource::Unknown)),
mcp_servers: mcp_servers.map(|value| Sourced::new(value, RequirementSource::Unknown)),
Expand Down Expand Up @@ -1021,6 +1035,7 @@ mod tests {
allowed_approvals_reviewers: Some(allowed_approvals_reviewers.clone()),
allowed_sandbox_modes: Some(allowed_sandbox_modes.clone()),
allowed_web_search_modes: Some(allowed_web_search_modes.clone()),
allow_managed_hooks_only: Some(true),
feature_requirements: Some(feature_requirements.clone()),
mcp_servers: None,
apps: None,
Expand Down Expand Up @@ -1048,6 +1063,10 @@ mod tests {
allowed_web_search_modes,
enforce_source.clone(),
)),
allow_managed_hooks_only: Some(Sourced::new(
/*value*/ true,
enforce_source.clone(),
)),
feature_requirements: Some(Sourced::new(
feature_requirements,
enforce_source.clone(),
Expand Down Expand Up @@ -1087,6 +1106,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
feature_requirements: None,
mcp_servers: None,
apps: None,
Expand Down Expand Up @@ -1131,6 +1151,7 @@ mod tests {
allowed_approvals_reviewers: None,
allowed_sandbox_modes: None,
allowed_web_search_modes: None,
allow_managed_hooks_only: None,
feature_requirements: None,
mcp_servers: None,
apps: None,
Expand Down
11 changes: 11 additions & 0 deletions codex-rs/config/src/state.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,17 @@ impl ConfigLayerEntry {
self.disabled_reason.is_some()
}

/// Returns true for config layers controlled by managed policy sources.
pub fn is_managed(&self) -> bool {
matches!(
self.name,
ConfigLayerSource::Mdm { .. }
| ConfigLayerSource::System { .. }
| ConfigLayerSource::LegacyManagedConfigTomlFromFile { .. }
| ConfigLayerSource::LegacyManagedConfigTomlFromMdm
)
}

pub fn raw_toml(&self) -> Option<&str> {
self.raw_toml.as_deref()
}
Expand Down
Loading
Loading