Skip to main content

Module guard

Module guard 

Source
Expand description

Guard hook evaluation.

Library logic behind the binary’s hidden guard subcommand: the CLI handler reads the hook payload from stdin and the marker path from argv, calls guard_decision, and writes any deny verdict to stdout. Both layers fail open — a malformed payload or unreadable marker yields “allow”, so the guard can never brick a session.

Functions§

codex_guard_decision
Codex’s hook contract blocks by returning { "decision": "block", "reason": "..." } on stdout. Keep this separate from Claude Code’s hookSpecificOutput shape so both harnesses use their native conventions.
guard_decision
Evaluate a PreToolUse hook payload (the JSON the harness sends on stdin) against marker. Returns the serialized deny verdict to print on stdout when the call is blocked, or None to allow (print nothing). An empty or malformed payload is treated as allow.
read_marker
Read and parse the guard marker. Missing or unparseable → None (the guard then allows everything — fail open).