Skip to content

Instantly share code, notes, and snippets.

@mberman84
Last active July 17, 2026 03:54
Show Gist options
  • Select an option

  • Save mberman84/b4e22cb3ac7782a1c43d5324a0413505 to your computer and use it in GitHub Desktop.

Select an option

Save mberman84/b4e22cb3ac7782a1c43d5324a0413505 to your computer and use it in GitHub Desktop.
hook prompt
Set up these as real Codex lifecycle hooks by following the official documentation:
https://learn.chatgpt.com/docs/hooks
Important: use ~/.codex/hooks.json and a PreToolUse command hook. Do not implement this only as a ~/.codex/rules/*.rules execution-policy file.
First inspect any existing hooks and preserve them. Then:
1. Create or merge ~/.codex/hooks.json with a PreToolUse matcher for Bash.
2. Create ~/.codex/hooks/destructive_commands.py.
3. The script must read the hook JSON payload from stdin and inspect tool_input.command.
4. Block these command prefixes with the listed reasons:
- rm -rf / — Never delete the root filesystem.
- rm -rf /* — Never delete the contents of the root filesystem.
- rm -rf ~ — Never delete the entire home directory.
- rm -rf $HOME — Never delete the entire home directory.
- rm -rf /Users — Never delete all user directories.
- rm -rf /System — Never delete macOS system files.
- diskutil eraseDisk — Never erase or repartition a disk.
- diskutil eraseVolume — Never erase or repartition a disk.
- diskutil partitionDisk — Never erase or repartition a disk.
- mkfs — Never format a filesystem.
The hook should return Codex’s documented PreToolUse denial shape:
{
"hookSpecificOutput": {
"hookEventName": "PreToolUse",
"permissionDecision": "deny",
"permissionDecisionReason": "..."
}
}
Handle shell command segments such as `echo ok; rm -rf /`, while avoiding actual execution of any destructive command. Preserve existing hooks, use portable Python invocation, and do not modify unrelated configuration.
Validate the result by:
- parsing hooks.json;
- compiling the Python script;
- feeding synthetic JSON fixtures for every blocked command;
- feeding safe commands and confirming they are allowed;
- confirming the hook appears through Codex’s `/hooks` command.
Tell me exactly which files changed and remind me that I must review/trust the non-managed hook in `/hooks`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment