@guilz-dev/belay 0.1.0

package/dist/adapters/claude/runtime-entry.js

@@ -0,0 +1,260 @@
+import process from 'node:process';
+import { unnormalizedGateVerdict } from '../../core/gate-contract.js';
+import { claudeLayout } from '../layouts/claude.js';
+import { appendObservedAudit, createDefaultGateRuntimeDeps, evaluateGatedAction, gateVerdictToClaudePreToolUseResponse, gateVerdictToClaudeUserPromptResponse, processApprovalPrompt, resolveGateConfig, } from '../shared/gate-runtime.js';
+import { findRepoRoot } from '../shared/repo-root.js';
+async function readStdinJson() {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+        chunks.push(typeof chunk === 'string' ? chunk : chunk.toString('utf8'));
+    }
+    const raw = chunks.join('').trim();
+    if (!raw) {
+        return {};
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+}
+function jsonResponse(value) {
+    process.stdout.write(`${JSON.stringify(value)}\n`);
+}
+async function loadRuntimeContext(cwd) {
+    const repoRoot = findRepoRoot(cwd, claudeLayout);
+    const configPath = claudeLayout.configPath(repoRoot);
+    const deps = createDefaultGateRuntimeDeps();
+    const config = await resolveGateConfig({ layout: claudeLayout, repoRoot, configPath }, deps);
+    return { layout: claudeLayout, repoRoot, config, configPath };
+}
+function mapClaudeToolName(toolName) {
+    if (toolName === 'Bash') {
+        return 'shell';
+    }
+    if (toolName === 'Task') {
+        return 'subagent';
+    }
+    if (toolName === 'Write' ||
+        toolName === 'Edit' ||
+        toolName === 'Delete' ||
+        toolName === 'NotebookEdit' ||
+        toolName === 'MultiEdit') {
+        return 'tool';
+    }
+    if (toolName.startsWith('mcp__')) {
+        return 'mcp';
+    }
+    return null;
+}
+function normalizeClaudeToolPayload(toolName, payload) {
+    if (toolName === 'Bash') {
+        const toolInput = payload.tool_input;
+        const command = toolInput && typeof toolInput === 'object'
+            ? String(toolInput.command ?? '')
+            : '';
+        return {
+            tool_name: 'Shell',
+            tool_input: { command },
+        };
+    }
+    if (toolName === 'Task') {
+        return payload;
+    }
+    if (toolName === 'Edit') {
+        const toolInput = payload.tool_input;
+        const filePath = toolInput && typeof toolInput === 'object'
+            ? String(toolInput.file_path ?? '')
+            : '';
+        return {
+            tool_name: 'StrReplace',
+            tool_input: { path: filePath },
+        };
+    }
+    if (toolName === 'Write') {
+        const toolInput = payload.tool_input;
+        const filePath = toolInput && typeof toolInput === 'object'
+            ? String(toolInput.file_path ?? '')
+            : '';
+        return {
+            tool_name: 'Write',
+            tool_input: { path: filePath },
+        };
+    }
+    if (toolName === 'Delete') {
+        const toolInput = payload.tool_input;
+        const filePath = toolInput && typeof toolInput === 'object'
+            ? String(toolInput.path ?? '')
+            : '';
+        return {
+            tool_name: 'Delete',
+            tool_input: { path: filePath },
+        };
+    }
+    if (toolName === 'NotebookEdit' || toolName === 'MultiEdit') {
+        const toolInput = payload.tool_input;
+        const input = toolInput && typeof toolInput === 'object' ? toolInput : null;
+        const directPath = typeof input?.file_path === 'string'
+            ? input.file_path
+            : typeof input?.path === 'string'
+                ? input.path
+                : null;
+        if (!directPath) {
+            return null;
+        }
+        return {
+            tool_name: toolName === 'NotebookEdit' ? 'Write' : 'StrReplace',
+            tool_input: { path: directPath },
+        };
+    }
+    return null;
+}
+export async function runBeforeSubmitPromptHook() {
+    try {
+        const payload = await readStdinJson();
+        const prompt = String(payload.prompt ?? process.env.CLAUDE_USER_PROMPT ?? '');
+        const ctx = await loadRuntimeContext(process.cwd());
+        const deps = createDefaultGateRuntimeDeps();
+        const result = await processApprovalPrompt(ctx, deps, prompt);
+        jsonResponse(gateVerdictToClaudeUserPromptResponse(result));
+    }
+    catch {
+        jsonResponse({
+            hookSpecificOutput: {
+                hookEventName: 'UserPromptSubmit',
+                continue: false,
+                user_message: 'belay failed while processing approval state. Run belay doctor, then retry.',
+            },
+        });
+    }
+}
+export async function runShellGateHook() {
+    try {
+        const payload = await readStdinJson();
+        const toolInput = payload.tool_input;
+        const command = toolInput && typeof toolInput === 'object'
+            ? String(toolInput.command ?? '')
+            : String(payload.command ?? '');
+        const cwd = process.cwd();
+        const ctx = await loadRuntimeContext(cwd);
+        const deps = createDefaultGateRuntimeDeps();
+        const verdict = await evaluateGatedAction(ctx, deps, {
+            kind: 'shell',
+            cwd,
+            command,
+            payload,
+            toolName: 'Bash',
+        });
+        jsonResponse(gateVerdictToClaudePreToolUseResponse(verdict));
+    }
+    catch {
+        jsonResponse({
+            hookSpecificOutput: {
+                hookEventName: 'PreToolUse',
+                permissionDecision: 'deny',
+                permissionDecisionReason: 'belay failed while classifying this shell command. Run belay doctor, then retry.',
+            },
+        });
+    }
+}
+export async function runToolGateHook(_eventName) {
+    try {
+        const payload = await readStdinJson();
+        const cwd = process.cwd();
+        const ctx = await loadRuntimeContext(cwd);
+        const deps = createDefaultGateRuntimeDeps();
+        const toolName = String(payload.tool_name ?? '');
+        const mappedKind = mapClaudeToolName(toolName);
+        if (mappedKind === 'mcp') {
+            await deps.appendAudit(ctx, {
+                event: 'preToolUse',
+                kind: 'tool',
+                verdict: 'deny_pending_approval',
+                reason: 'unsupported_mcp_tool',
+                mode: ctx.config.mode,
+                wouldBlock: true,
+                permission: 'deny',
+                summary: toolName,
+            });
+            const verdict = unnormalizedGateVerdict({
+                reason: 'unsupported_mcp_tool',
+                mode: ctx.config.mode,
+                user_message: 'belay blocked this MCP tool because Claude MCP payloads are not normalized safely yet.',
+                agent_message: 'Belay denied this MCP tool because its payload shape is unsupported.',
+            });
+            jsonResponse(gateVerdictToClaudePreToolUseResponse(verdict));
+            return;
+        }
+        if (!mappedKind) {
+            await deps.appendAudit(ctx, {
+                event: 'preToolUse',
+                kind: 'tool',
+                verdict: 'deny_pending_approval',
+                reason: 'unmapped_tool',
+                mode: ctx.config.mode,
+                wouldBlock: true,
+                permission: 'deny',
+                summary: toolName,
+            });
+            const verdict = unnormalizedGateVerdict({
+                reason: 'unmapped_tool',
+                mode: ctx.config.mode,
+                user_message: 'belay does not recognize this tool action. Run belay doctor, then retry.',
+                agent_message: 'Belay denied this action because the tool could not be normalized.',
+            });
+            jsonResponse(gateVerdictToClaudePreToolUseResponse(verdict));
+            return;
+        }
+        const normalizedPayload = normalizeClaudeToolPayload(toolName, payload);
+        if (!normalizedPayload) {
+            await deps.appendAudit(ctx, {
+                event: 'preToolUse',
+                kind: 'tool',
+                verdict: 'deny_pending_approval',
+                reason: 'normalization_failed',
+                mode: ctx.config.mode,
+                wouldBlock: true,
+                permission: 'deny',
+                summary: toolName,
+            });
+            const verdict = unnormalizedGateVerdict({
+                reason: 'normalization_failed',
+                mode: ctx.config.mode,
+                user_message: 'belay could not normalize this Claude tool payload. Run belay doctor, then retry.',
+                agent_message: 'Belay denied this action because the Claude tool payload could not be normalized.',
+            });
+            jsonResponse(gateVerdictToClaudePreToolUseResponse(verdict));
+            return;
+        }
+        const verdict = await evaluateGatedAction(ctx, deps, {
+            kind: mappedKind,
+            cwd,
+            payload: normalizedPayload,
+            toolName,
+        });
+        jsonResponse(gateVerdictToClaudePreToolUseResponse(verdict));
+    }
+    catch {
+        jsonResponse({
+            hookSpecificOutput: {
+                hookEventName: 'PreToolUse',
+                permissionDecision: 'deny',
+                permissionDecisionReason: 'belay failed while classifying this tool action. Run belay doctor, then retry.',
+            },
+        });
+    }
+}
+export async function runAuditHook(eventName) {
+    try {
+        const payload = await readStdinJson();
+        const ctx = await loadRuntimeContext(process.cwd());
+        const deps = createDefaultGateRuntimeDeps();
+        await appendObservedAudit(ctx, deps, eventName, payload);
+        jsonResponse({});
+    }
+    catch (error) {
+        console.error('belay audit hook failed:', error instanceof Error ? error.message : String(error));
+        jsonResponse({});
+    }
+}

package/dist/adapters/codex/adapter.d.ts

@@ -0,0 +1,7 @@
+import type { BelayAdapter } from '../types.js';
+export declare const codexAdapter: BelayAdapter;
+export declare function codexPaths(repoRoot: string): {
+    config: string;
+    hooks: string;
+    runtime: string;
+};

package/dist/adapters/codex/adapter.js

@@ -0,0 +1,73 @@
+import { existsSync } from 'node:fs';
+import { mkdir, readFile, writeFile } from 'node:fs/promises';
+import path from 'node:path';
+import { doctorProject } from '../../commands/doctor.js';
+import { mergeAndWriteConfig } from '../../config-io.js';
+import { runtimeIntegrityFiles, writeIntegrityManifest } from '../../core/integrity.js';
+import { bootstrapStateFiles, writeSkillArtifacts } from '../../installer/bootstrap.js';
+import { writeRuntimeArtifacts } from '../../installer/runtime-artifacts.js';
+import { applyInstallScope, resolveOperationScope } from '../../installer/scope-config.js';
+import { codexLayout } from '../layouts/codex.js';
+import { resolveScopedPaths } from '../layouts/scope.js';
+import { getCodexManagedHookEntries, mergeCodexHooksToml } from './hooks.js';
+async function loadCodexConfigToml(configTomlPath) {
+    if (!existsSync(configTomlPath)) {
+        return '';
+    }
+    return readFile(configTomlPath, 'utf8');
+}
+async function writeCodexHooksConfig(paths, repoRoot) {
+    const configTomlPath = paths.hooksSettingsPath;
+    const existing = await loadCodexConfigToml(configTomlPath);
+    const merged = mergeCodexHooksToml(existing, process.platform, paths.hooksDir, repoRoot);
+    await mkdir(path.dirname(configTomlPath), { recursive: true });
+    await writeFile(configTomlPath, merged, 'utf8');
+}
+async function installCodexBase(repoRoot, options) {
+    const scope = await resolveOperationScope(repoRoot, 'codex', options);
+    const paths = resolveScopedPaths(codexLayout, scope, repoRoot);
+    const config = await mergeAndWriteConfig(repoRoot, 'codex');
+    await applyInstallScope(repoRoot, 'codex', scope, config);
+    await writeRuntimeArtifacts('codex', paths);
+    await bootstrapStateFiles(repoRoot, config, paths);
+    if (options.withSkill) {
+        await writeSkillArtifacts('codex', paths);
+    }
+    await writeCodexHooksConfig(paths, repoRoot);
+    await writeIntegrityManifest(repoRoot, codexLayout, runtimeIntegrityFiles(codexLayout, paths));
+}
+export const codexAdapter = {
+    name: 'codex',
+    layout: codexLayout,
+    async install(repoRoot, options = {}) {
+        await installCodexBase(repoRoot, options);
+        return { repoRoot, withSkill: options.withSkill === true };
+    },
+    async upgrade(repoRoot, options = {}) {
+        const scope = await resolveOperationScope(repoRoot, 'codex', options);
+        const paths = resolveScopedPaths(codexLayout, scope, repoRoot);
+        const config = await mergeAndWriteConfig(repoRoot, 'codex');
+        await applyInstallScope(repoRoot, 'codex', scope, config);
+        await writeRuntimeArtifacts('codex', paths);
+        await writeCodexHooksConfig(paths, repoRoot);
+        if (options.withSkill) {
+            await writeSkillArtifacts('codex', paths);
+        }
+        await writeIntegrityManifest(repoRoot, codexLayout, runtimeIntegrityFiles(codexLayout, paths));
+        return { repoRoot };
+    },
+    async doctor(options = {}) {
+        return doctorProject({ ...options, adapter: 'codex' });
+    },
+    hookEvents() {
+        return getCodexManagedHookEntries(process.platform);
+    },
+};
+export function codexPaths(repoRoot) {
+    const resolved = path.resolve(repoRoot);
+    return {
+        config: codexLayout.configPath(resolved),
+        hooks: codexLayout.hooksSettingsPath(resolved),
+        runtime: path.join(codexLayout.runtimeDir(resolved), 'core.mjs'),
+    };
+}

package/dist/adapters/codex/hooks.d.ts

@@ -0,0 +1,21 @@
+export declare const CODEX_HOOKS_BEGIN = "# --- BELAY MANAGED HOOKS BEGIN (managed by belay; do not edit) ---";
+export declare const CODEX_HOOKS_END = "# --- BELAY MANAGED HOOKS END ---";
+/**
+ * Render belay's Codex lifecycle hooks as a marker-delimited TOML block for `.codex/config.toml`.
+ * The block is replaced wholesale on re-init/upgrade (see mergeCodexHooksToml), so we avoid a
+ * full TOML parser while staying idempotent.
+ */
+export declare function renderCodexHooksToml(platform: NodeJS.Platform, hooksDir: string, repoRoot: string): string;
+/**
+ * Merge belay's managed hooks block into an existing `.codex/config.toml` body idempotently:
+ * strip any prior BELAY MANAGED HOOKS block, then append the freshly rendered one.
+ */
+export declare function mergeCodexHooksToml(existing: string, platform: NodeJS.Platform, hooksDir: string, repoRoot: string): string;
+export declare function getCodexManagedHookEntries(platform?: NodeJS.Platform, hooksDir?: string, repoRoot?: string): Array<{
+    event: string;
+    definition: {
+        command: string;
+        placement: 'prepend';
+        matcher?: string;
+    };
+}>;

package/dist/adapters/codex/hooks.js

@@ -0,0 +1,78 @@
+import path from 'node:path';
+import { buildRunnerInvocation } from '../layouts/scope.js';
+export const CODEX_HOOKS_BEGIN = '# --- BELAY MANAGED HOOKS BEGIN (managed by belay; do not edit) ---';
+export const CODEX_HOOKS_END = '# --- BELAY MANAGED HOOKS END ---';
+const HOOK_TIMEOUT_SECONDS = 30;
+const CODEX_HOOK_SPECS = [
+    { event: 'PreToolUse', matcher: '.*', runnerArgs: ['belay-tool-gate', 'PreToolUse'] },
+    { event: 'SubagentStart', runnerArgs: ['belay-tool-gate', 'SubagentStart'] },
+    { event: 'UserPromptSubmit', runnerArgs: ['belay-before-submit'] },
+    { event: 'PostToolUse', runnerArgs: ['belay-audit', 'PostToolUse'] },
+];
+function tomlString(value) {
+    return `"${value.replaceAll('\\', '\\\\').replaceAll('"', '\\"')}"`;
+}
+function runnerCommand(platform, hooksDir, repoRoot, hookName, ...args) {
+    return buildRunnerInvocation(platform, hooksDir, repoRoot, hookName, ...args);
+}
+/**
+ * Render belay's Codex lifecycle hooks as a marker-delimited TOML block for `.codex/config.toml`.
+ * The block is replaced wholesale on re-init/upgrade (see mergeCodexHooksToml), so we avoid a
+ * full TOML parser while staying idempotent.
+ */
+export function renderCodexHooksToml(platform, hooksDir, repoRoot) {
+    const lines = [CODEX_HOOKS_BEGIN];
+    for (const spec of CODEX_HOOK_SPECS) {
+        const command = runnerCommand(platform, hooksDir, repoRoot, spec.runnerArgs[0], ...spec.runnerArgs.slice(1));
+        lines.push('');
+        lines.push(`[[hooks.${spec.event}]]`);
+        if (spec.matcher !== undefined) {
+            lines.push(`matcher = ${tomlString(spec.matcher)}`);
+        }
+        lines.push(`[[hooks.${spec.event}.hooks]]`);
+        lines.push('type = "command"');
+        lines.push(`command = ${tomlString(command)}`);
+        lines.push(`timeout = ${HOOK_TIMEOUT_SECONDS}`);
+    }
+    lines.push('');
+    lines.push(CODEX_HOOKS_END);
+    return `${lines.join('\n')}\n`;
+}
+/**
+ * Merge belay's managed hooks block into an existing `.codex/config.toml` body idempotently:
+ * strip any prior BELAY MANAGED HOOKS block, then append the freshly rendered one.
+ */
+export function mergeCodexHooksToml(existing, platform, hooksDir, repoRoot) {
+    const block = renderCodexHooksToml(platform, hooksDir, repoRoot);
+    const stripped = stripManagedBlock(existing);
+    const base = stripped.replace(/\s*$/, '');
+    if (base.length === 0) {
+        return block;
+    }
+    return `${base}\n\n${block}`;
+}
+function stripManagedBlock(content) {
+    const begin = content.indexOf(CODEX_HOOKS_BEGIN);
+    if (begin === -1) {
+        return content;
+    }
+    const endMarker = content.indexOf(CODEX_HOOKS_END, begin);
+    if (endMarker === -1) {
+        // Malformed (begin without end): drop from begin to EOF to avoid leaving a broken block.
+        return content.slice(0, begin);
+    }
+    return content.slice(0, begin) + content.slice(endMarker + CODEX_HOOKS_END.length);
+}
+// Used by adapter.hookEvents() for diagnostics/parity with other adapters.
+export function getCodexManagedHookEntries(platform = process.platform, hooksDir, repoRoot) {
+    const resolvedRepo = path.resolve(repoRoot ?? process.cwd());
+    const resolvedHooksDir = hooksDir ?? path.join(resolvedRepo, '.codex', 'hooks');
+    return CODEX_HOOK_SPECS.map((spec) => ({
+        event: spec.event,
+        definition: {
+            command: runnerCommand(platform, resolvedHooksDir, resolvedRepo, spec.runnerArgs[0], ...spec.runnerArgs.slice(1)),
+            placement: 'prepend',
+            matcher: spec.matcher,
+        },
+    }));
+}

package/dist/adapters/codex/runtime-entry.d.ts

@@ -0,0 +1,4 @@
+export declare function runBeforeSubmitPromptHook(): Promise<void>;
+export declare function runToolGateHook(eventName: string): Promise<void>;
+export declare function runShellGateHook(): Promise<void>;
+export declare function runAuditHook(eventName: string): Promise<void>;

package/dist/adapters/codex/runtime-entry.js

@@ -0,0 +1,237 @@
+import process from 'node:process';
+import { codexLayout } from '../layouts/codex.js';
+import { appendObservedAudit, createDefaultGateRuntimeDeps, evaluateGatedAction, gateUnmappedToolVerdict, gateVerdictToCodexPreToolUseResponse, gateVerdictToCodexUserPromptResponse, processApprovalPrompt, resolveGateConfig, } from '../shared/gate-runtime.js';
+import { findRepoRoot } from '../shared/repo-root.js';
+async function readStdinJson() {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+        chunks.push(typeof chunk === 'string' ? chunk : chunk.toString('utf8'));
+    }
+    const raw = chunks.join('').trim();
+    if (!raw) {
+        return {};
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+}
+function jsonResponse(value) {
+    process.stdout.write(`${JSON.stringify(value)}\n`);
+}
+async function loadRuntimeContext(cwd) {
+    const repoRoot = findRepoRoot(cwd, codexLayout);
+    const configPath = codexLayout.configPath(repoRoot);
+    const deps = createDefaultGateRuntimeDeps();
+    const config = await resolveGateConfig({ layout: codexLayout, repoRoot, configPath }, deps);
+    return { layout: codexLayout, repoRoot, config, configPath };
+}
+// shell is confirmed as tool_name:"Bash" / tool_input:{command} (TUI smoke).
+// Non-shell names (apply_patch / read-family / subagent variants) are still best-guess pending
+// the belay-adapter TUI smoke (G-B2). Unknown names ask with pending approval (R39).
+function mapCodexToolName(toolName) {
+    const name = toolName.toLowerCase();
+    if (name === 'shell' ||
+        name === 'bash' ||
+        name === 'local_shell' ||
+        name === 'exec_command' ||
+        name === 'unified_exec') {
+        return 'shell';
+    }
+    if (name === 'task' || name === 'spawn' || name === 'subagent') {
+        return 'subagent';
+    }
+    if (name === 'read' ||
+        name === 'grep' ||
+        name === 'glob' ||
+        name === 'ls' ||
+        name === 'view' ||
+        name === 'search' ||
+        name === 'apply_patch' ||
+        name === 'write' ||
+        name === 'edit' ||
+        name === 'multiedit' ||
+        name === 'patch' ||
+        name === 'delete' ||
+        name === 'strreplace' ||
+        name === 'str_replace') {
+        return 'tool';
+    }
+    return null;
+}
+function resolveCodexGateKind(eventName, toolName) {
+    if (eventName === 'SubagentStart') {
+        return 'subagent';
+    }
+    return mapCodexToolName(toolName);
+}
+function extractString(value, ...keys) {
+    if (!value || typeof value !== 'object') {
+        return '';
+    }
+    const record = value;
+    for (const key of keys) {
+        if (typeof record[key] === 'string') {
+            return record[key];
+        }
+    }
+    return '';
+}
+function normalizeCodexToolPayload(kind, payload) {
+    const toolInput = payload.tool_input;
+    if (kind === 'shell') {
+        return {
+            tool_name: 'Shell',
+            tool_input: { command: extractString(toolInput, 'command', 'cmd') },
+        };
+    }
+    if (kind === 'tool') {
+        const toolName = String(payload.tool_name ?? payload.toolName ?? '');
+        const lowered = toolName.toLowerCase();
+        if (lowered === 'write') {
+            return {
+                tool_name: 'Write',
+                tool_input: {
+                    path: extractString(toolInput, 'path', 'file_path', 'filename'),
+                },
+            };
+        }
+        if (lowered === 'delete') {
+            return {
+                tool_name: 'Delete',
+                tool_input: {
+                    path: extractString(toolInput, 'path', 'file_path', 'filename'),
+                },
+            };
+        }
+        if (lowered === 'edit' ||
+            lowered === 'multiedit' ||
+            lowered === 'patch' ||
+            lowered === 'strreplace' ||
+            lowered === 'str_replace') {
+            return {
+                tool_name: 'StrReplace',
+                tool_input: {
+                    path: extractString(toolInput, 'path', 'file_path', 'filename'),
+                },
+            };
+        }
+        if (lowered === 'apply_patch') {
+            return {
+                tool_name: 'ApplyPatch',
+                tool_input: {
+                    patch: extractString(toolInput, 'patch', 'input', 'text'),
+                },
+            };
+        }
+        return {
+            tool_name: toolName,
+            tool_input: typeof toolInput === 'object' && toolInput ? toolInput : {},
+        };
+    }
+    return payload;
+}
+export async function runBeforeSubmitPromptHook() {
+    try {
+        const payload = await readStdinJson();
+        const prompt = String(payload.prompt ?? payload.user_message ?? '');
+        const ctx = await loadRuntimeContext(process.cwd());
+        const deps = createDefaultGateRuntimeDeps();
+        const result = await processApprovalPrompt(ctx, deps, prompt);
+        jsonResponse(gateVerdictToCodexUserPromptResponse(result));
+    }
+    catch {
+        jsonResponse({
+            decision: 'block',
+            reason: 'belay failed while processing approval state. Run belay doctor, then retry.',
+        });
+    }
+}
+// Codex routes all PreToolUse through this unified handler (matcher ".*"), since the exact
+// shell tool name is not yet confirmed. SubagentStart is also routed to this handler.
+// Unmapped tools/events ask with pending approval (R39) to avoid silent bypass without hard block.
+export async function runToolGateHook(eventName) {
+    try {
+        const payload = await readStdinJson();
+        const cwd = process.cwd();
+        const toolName = String(payload.tool_name ?? payload.toolName ?? '');
+        const kind = resolveCodexGateKind(eventName, toolName);
+        const ctx = await loadRuntimeContext(cwd);
+        const deps = createDefaultGateRuntimeDeps();
+        if (!kind) {
+            // Unmapped Codex tool. Policy-driven: default 'deny' asks with pending approval (R39).
+            // 'allow' is the opt-out — pass the tool but record it to audit for vocabulary learning.
+            const policy = ctx.config.policy?.codexUnmappedTool ?? 'deny';
+            if (policy === 'allow') {
+                await appendObservedAudit(ctx, deps, eventName, payload);
+                jsonResponse({});
+                return;
+            }
+            const verdict = await gateUnmappedToolVerdict(ctx, deps, toolName, payload);
+            jsonResponse(gateVerdictToCodexPreToolUseResponse(verdict));
+            return;
+        }
+        const normalizedPayload = normalizeCodexToolPayload(kind, payload);
+        const verdict = await evaluateGatedAction(ctx, deps, {
+            kind,
+            cwd,
+            command: kind === 'shell' ? extractString(normalizedPayload.tool_input, 'command') : undefined,
+            payload: normalizedPayload,
+            toolName,
+        });
+        jsonResponse(gateVerdictToCodexPreToolUseResponse(verdict));
+    }
+    catch {
+        // Fail-closed: deny on classifier failure (belay is a floor).
+        jsonResponse({
+            hookSpecificOutput: {
+                hookEventName: 'PreToolUse',
+                permissionDecision: 'deny',
+                permissionDecisionReason: 'belay failed while classifying this tool action. Run belay doctor, then retry.',
+            },
+        });
+    }
+}
+// Provided for symmetry with the shared templates; not wired by default (Codex routes shell
+// through the unified PreToolUse handler above).
+export async function runShellGateHook() {
+    try {
+        const payload = await readStdinJson();
+        const command = extractString(payload.tool_input, 'command') || String(payload.command ?? '');
+        const cwd = process.cwd();
+        const ctx = await loadRuntimeContext(cwd);
+        const deps = createDefaultGateRuntimeDeps();
+        const verdict = await evaluateGatedAction(ctx, deps, {
+            kind: 'shell',
+            cwd,
+            command,
+            payload,
+            toolName: 'Shell',
+        });
+        jsonResponse(gateVerdictToCodexPreToolUseResponse(verdict));
+    }
+    catch {
+        jsonResponse({
+            hookSpecificOutput: {
+                hookEventName: 'PreToolUse',
+                permissionDecision: 'deny',
+                permissionDecisionReason: 'belay failed while classifying this shell command. Run belay doctor, then retry.',
+            },
+        });
+    }
+}
+export async function runAuditHook(eventName) {
+    try {
+        const payload = await readStdinJson();
+        const ctx = await loadRuntimeContext(process.cwd());
+        const deps = createDefaultGateRuntimeDeps();
+        await appendObservedAudit(ctx, deps, eventName, payload);
+        jsonResponse({});
+    }
+    catch (error) {
+        console.error('belay audit hook failed:', error instanceof Error ? error.message : String(error));
+        jsonResponse({});
+    }
+}