Expand description
Guard hook evaluation.
Library logic behind the binary’s hidden guard subcommand: the CLI handler
reads the hook payload from stdin and the marker path from argv, calls
guard_decision, and writes any deny verdict to stdout. Both layers fail
open — a malformed payload or unreadable marker yields “allow”, so the guard
can never brick a session.
Functions§
- codex_
guard_ decision - Codex’s hook contract blocks by returning
{ "decision": "block", "reason": "..." }on stdout. Keep this separate from Claude Code’shookSpecificOutputshape so both harnesses use their native conventions. - guard_
decision - Evaluate a PreToolUse hook
payload(the JSON the harness sends on stdin) againstmarker. Returns the serialized deny verdict to print on stdout when the call is blocked, orNoneto allow (print nothing). An empty or malformed payload is treated as allow. - read_
marker - Read and parse the guard marker. Missing or unparseable →
None(the guard then allows everything — fail open).