Skip to content

Load app-bundled internal hooks from Codex Desktop#27953

Open
abhinav-oai wants to merge 1 commit into
codex/desktop-distribution-discoveryfrom
codex/minimal-app-bundled-hooks
Open

Load app-bundled internal hooks from Codex Desktop#27953
abhinav-oai wants to merge 1 commit into
codex/desktop-distribution-discoveryfrom
codex/minimal-app-bundled-hooks

Conversation

@abhinav-oai

@abhinav-oai abhinav-oai commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Why

App-bundled internal hooks need to execute the bytes shipped with verified Codex Desktop installations, not mutable copies from the plugin cache. This preserves the cache for ordinary plugin capabilities without letting it become a trust source for internal hooks.

What changed

  • load hooks for explicitly opted-in openai-bundled plugins from the trusted Codex Desktop resource tree
  • treat those hooks as app-bundled internals: always enabled, trusted, and hidden from hook listings and lifecycle notifications
  • keep skills, apps, MCP configuration, metadata, and other non-hook plugin capabilities cache-backed
  • fail closed when the Desktop installation or requested resource is unavailable, invalid, or escapes containment

Stack

  1. openai/codex#28253 — trusted Desktop installation discovery and validation
  2. This PR — app-bundled internal hook loading and policy

@abhinav-oai abhinav-oai force-pushed the codex/minimal-app-bundled-hooks branch from d37a18e to 12e33bb Compare June 12, 2026 22:23
@abhinav-oai abhinav-oai changed the title Load trusted internal hooks from Codex Desktop Load app-bundled internal hooks from Codex Desktop Jun 12, 2026
@abhinav-oai abhinav-oai force-pushed the codex/minimal-app-bundled-hooks branch 7 times, most recently from 76ad450 to e43bbf0 Compare June 13, 2026 01:01
abhinav-oai added a commit that referenced this pull request Jun 13, 2026
@abhinav-oai
codex: fix CI failure on PR #27953
87352a1
This was referenced Jun 14, 2026
Open
Open
@abhinav-oai abhinav-oai marked this pull request as ready for review June 14, 2026 18:54
@abhinav-oai abhinav-oai requested a review from a team as a code owner June 14, 2026 18:54
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 14, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: aaa37a6218

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread codex-rs/Cargo.toml Outdated
Comment thread codex-rs/hooks/src/engine/mod.rs
Comment thread codex-rs/hooks/src/engine/mod_tests.rs Outdated
Comment thread codex-rs/Cargo.toml Outdated
@abhinav-oai abhinav-oai force-pushed the codex/minimal-app-bundled-hooks branch from aaa37a6 to 0b8aa16 Compare June 15, 2026 04:22
@abhinav-oai abhinav-oai mentioned this pull request Jun 15, 2026
Open
@abhinav-oai abhinav-oai changed the base branch from main to codex/desktop-distribution-discovery June 15, 2026 04:23
abhinav-oai
abhinav-oai commented Jun 15, 2026
View reviewed changes
Comment thread codex-rs/core/src/hook_runtime.rs
Comment on lines -697 to -721
let hook_name = match run.event_name {
HookEventName::PreToolUse => "PreToolUse",
HookEventName::PermissionRequest => "PermissionRequest",
HookEventName::PostToolUse => "PostToolUse",
HookEventName::PreCompact => "PreCompact",
HookEventName::PostCompact => "PostCompact",
HookEventName::SessionStart => "SessionStart",
HookEventName::UserPromptSubmit => "UserPromptSubmit",
HookEventName::SubagentStart => "SubagentStart",
HookEventName::SubagentStop => "SubagentStop",
HookEventName::Stop => "Stop",
};
let hook_source = match run.source {
HookSource::System => "system",
HookSource::User => "user",
HookSource::Project => "project",
HookSource::Mdm => "mdm",
HookSource::SessionFlags => "session_flags",
HookSource::Plugin => "plugin",
HookSource::CloudRequirements => "cloud_requirements",
HookSource::CloudManagedConfig => "cloud_managed_config",
HookSource::LegacyManagedConfigFile => "legacy_managed_config_file",
HookSource::LegacyManagedConfigMdm => "legacy_managed_config_mdm",
HookSource::Unknown => "unknown",
};

@abhinav-oai abhinav-oai Jun 15, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

threw this cleanup in here, can ignore for review

@abhinav-oai abhinav-oai force-pushed the codex/minimal-app-bundled-hooks branch from 0b8aa16 to 907bd32 Compare June 15, 2026 05:36
@github-actions github-actions Bot mentioned this pull request Jun 15, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

code-reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abhinav-oai