@pushary/agent-hooks 0.12.0 → 0.14.0

package/dist/bin/pushary-clean.js

@@ -2,10 +2,11 @@
 import {
   removeClaudeMcpServers,
   removePusharySettings
-} from "../chunk-5GFUI5N6.js";
+} from "../chunk-5MA3CPZB.js";
 import {
-  execNpm
-} from "../chunk-RSHN2AQ7.js";
+  execNpm,
+  removeCodexHooks
+} from "../chunk-2HMNOZPY.js";
 
 // bin/pushary-clean.ts
 import { existsSync, readFileSync, writeFileSync, rmSync } from "fs";
@@ -121,6 +122,18 @@ var main = async () => {
   } catch {
     console.log(`  ${skip} Codex config ${dim("(not found)")}`);
   }
+  const codexHooksJson = join(homedir(), ".codex", "hooks.json");
+  const codexHooksData = readJson(codexHooksJson);
+  if (codexHooksData) {
+    if (removeCodexHooks(codexHooksData)) {
+      writeJson(codexHooksJson, codexHooksData);
+      console.log(`  ${check} Codex hooks ${dim("(removed from ~/.codex/hooks.json)")}`);
+    } else {
+      console.log(`  ${skip} Codex hooks ${dim("(no pushary entries)")}`);
+    }
+  } else {
+    console.log(`  ${skip} Codex hooks ${dim("(not found)")}`);
+  }
   for (const shellFile of SHELL_FILES) {
     try {
       const content = readFileSync(shellFile, "utf-8");

package/dist/bin/pushary-codex-hook.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/bin/pushary-codex-hook.js

@@ -0,0 +1,298 @@
+#!/usr/bin/env node
+import {
+  handlePostToolUse,
+  handleStop,
+  handleUserPrompt,
+  reportEvent
+} from "../chunk-SH26ZOHU.js";
+import {
+  DEFAULT_SESSION,
+  askUser,
+  deriveToolTarget,
+  describeToolCall,
+  fetchModeState,
+  getMachineId,
+  getPolicy,
+  resolvePolicy,
+  savePendingQuestion,
+  sendNotification,
+  waitForAnswer
+} from "../chunk-QRXWPZKN.js";
+import "../chunk-22CV7V7A.js";
+import "../chunk-3MIR7ODJ.js";
+import {
+  getApiKey
+} from "../chunk-VUNL35KE.js";
+
+// bin/pushary-codex-hook.ts
+import { basename, join } from "path";
+import { tmpdir } from "os";
+import { existsSync, mkdirSync, statSync, unlinkSync, writeFileSync } from "fs";
+
+// src/codex-adapter.ts
+var CODEX_AGENT = { type: "codex", label: "Codex" };
+var codexAllow = () => ({ kind: "allow" });
+var codexDeny = (reason) => ({ kind: "deny", reason });
+var codexPass = () => ({ kind: "pass" });
+var toCodexWire = (event, decision) => {
+  if (event === "PermissionRequest") {
+    if (decision.kind === "allow") {
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PermissionRequest",
+          decision: { behavior: "allow" }
+        }
+      };
+    }
+    if (decision.kind === "deny") {
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PermissionRequest",
+          decision: { behavior: "deny", message: decision.reason }
+        }
+      };
+    }
+    return null;
+  }
+  if (event === "PreToolUse" && decision.kind === "deny") {
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "deny",
+        permissionDecisionReason: decision.reason
+      }
+    };
+  }
+  return null;
+};
+var toPolicyLookup = (toolName, toolInput) => {
+  if (toolName !== "apply_patch") return { tool: toolName, input: toolInput };
+  const command = toolInput.command;
+  return {
+    tool: "Edit",
+    input: typeof command === "string" ? { file_path: command } : {}
+  };
+};
+var permissionTimeoutDecision = (timeoutAction) => {
+  if (timeoutAction === "approve") return codexAllow();
+  if (timeoutAction === "deny") return codexDeny("No response within timeout");
+  return codexPass();
+};
+var preToolUseTimeoutDecision = (timeoutAction, denyReason = "No response within timeout") => timeoutAction === "deny" ? codexDeny(denyReason) : codexPass();
+
+// bin/pushary-codex-hook.ts
+var KILL_REASON = "Stopped by user: this agent was halted from Pushary";
+var MAX_WAIT_SECONDS = 170;
+var APPROVAL_DIR = join(tmpdir(), "pushary-codex-approvals");
+var APPROVAL_TTL_MS = 10 * 60 * 1e3;
+var sanitizeId = (value) => value.replace(/[^A-Za-z0-9_-]/g, "_").slice(0, 128);
+var markApproved = (toolUseId) => {
+  if (!toolUseId) return;
+  try {
+    if (!existsSync(APPROVAL_DIR)) mkdirSync(APPROVAL_DIR, { recursive: true });
+    writeFileSync(join(APPROVAL_DIR, sanitizeId(toolUseId)), "", "utf-8");
+  } catch {
+  }
+};
+var consumeApproval = (toolUseId) => {
+  if (!toolUseId) return false;
+  const path = join(APPROVAL_DIR, sanitizeId(toolUseId));
+  try {
+    const fresh = Date.now() - statSync(path).mtimeMs < APPROVAL_TTL_MS;
+    unlinkSync(path);
+    return fresh;
+  } catch {
+    return false;
+  }
+};
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    let answer;
+    try {
+      answer = await waitForAnswer(apiKey, correlationId, remaining);
+    } catch {
+      if (Date.now() + pollInterval >= deadlineMs) break;
+      await sleep(pollInterval);
+      continue;
+    }
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var agentNameFor = (input) => `Codex - ${basename(input.cwd ?? process.cwd())}`;
+var pushQuestion = async (apiKey, input, waitSeconds) => {
+  const toolName = input.tool_name ?? "";
+  const toolInput = input.tool_input ?? {};
+  const projectName = basename(input.cwd ?? process.cwd());
+  const description = describeToolCall(toolName, toolInput, "hook");
+  const result = await askUser(apiKey, {
+    question: `Allow ${description}?`,
+    type: "confirm",
+    context: `Agent wants to run this in ${projectName}`,
+    agentName: agentNameFor(input),
+    sessionId: input.session_id,
+    machineId: getMachineId(),
+    toolName,
+    toolTarget: deriveToolTarget(toolName, toolInput)
+  });
+  const deadline = Date.now() + Math.min(waitSeconds, MAX_WAIT_SECONDS) * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  return { answer, correlationId: result.correlationId };
+};
+var notifyApprovalNeeded = async (apiKey, input) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: describeToolCall(input.tool_name ?? "", input.tool_input ?? {}, "hook"),
+      agentName: agentNameFor(input),
+      sessionId: input.session_id,
+      machineId: getMachineId()
+    });
+  } catch {
+  }
+};
+var decidePermissionRequest = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const modeState = await fetchModeState(apiKey, input.session_id);
+    if (modeState.kill) return codexDeny(KILL_REASON);
+    const lookup = toPolicyLookup(input.tool_name ?? "", input.tool_input ?? {});
+    const policy = await getPolicy(apiKey);
+    const toolPolicy = resolvePolicy(policy, lookup.tool, modeState.mode, lookup.input);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") return codexAllow();
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "deny") {
+      return codexDeny(`Denied by policy for ${toolPolicy.tool}`);
+    }
+    if (toolPolicy.mode === "terminal_only") return codexPass();
+    if (toolPolicy.mode === "notify_only") {
+      await notifyApprovalNeeded(apiKey, input);
+      return codexPass();
+    }
+    const waitSeconds = toolPolicy.mode === "push_first" ? toolPolicy.pushFirstSeconds : toolPolicy.timeoutSeconds;
+    const { answer, correlationId } = await pushQuestion(apiKey, input, waitSeconds);
+    if (answer.answered) {
+      if (answer.value === "yes") {
+        if (toolPolicy.mode === "push_only") markApproved(input.tool_use_id);
+        return codexAllow();
+      }
+      return codexDeny("Denied via push notification");
+    }
+    savePendingQuestion(input.session_id || DEFAULT_SESSION, correlationId);
+    if (toolPolicy.mode === "push_first") return codexPass();
+    const decision = permissionTimeoutDecision(toolPolicy.timeoutAction);
+    if (decision.kind === "allow") markApproved(input.tool_use_id);
+    return decision;
+  } catch {
+    return codexPass();
+  }
+};
+var decidePreToolUse = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const modeState = await fetchModeState(apiKey, input.session_id);
+    if (modeState.kill) return codexDeny(KILL_REASON);
+    const lookup = toPolicyLookup(input.tool_name ?? "", input.tool_input ?? {});
+    const policy = await getPolicy(apiKey);
+    const toolPolicy = resolvePolicy(policy, lookup.tool, modeState.mode, lookup.input);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") return codexPass();
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "deny") {
+      return codexDeny(`Denied by policy for ${toolPolicy.tool}`);
+    }
+    if (toolPolicy.mode === "push_only") {
+      if (consumeApproval(input.tool_use_id)) return codexPass();
+      let pushed;
+      try {
+        pushed = await pushQuestion(apiKey, input, toolPolicy.timeoutSeconds);
+      } catch {
+        return preToolUseTimeoutDecision(toolPolicy.timeoutAction, "Push notification failed, denying per policy");
+      }
+      const { answer, correlationId } = pushed;
+      if (answer.answered) {
+        return answer.value === "yes" ? codexPass() : codexDeny("Denied via push notification");
+      }
+      savePendingQuestion(input.session_id || DEFAULT_SESSION, correlationId);
+      return preToolUseTimeoutDecision(toolPolicy.timeoutAction);
+    }
+    if (toolPolicy.mode === "notify_only") {
+      await notifyApprovalNeeded(apiKey, input);
+      return codexPass();
+    }
+    return codexPass();
+  } catch {
+    return codexPass();
+  }
+};
+var reportSessionStart = async (input) => {
+  try {
+    await reportEvent({
+      event: "session_begin",
+      agentType: CODEX_AGENT.type,
+      agentName: agentNameFor(input),
+      action: "Session started",
+      sessionId: input.session_id
+    }, { maxAttempts: 1, timeoutMs: 5e3 });
+  } catch {
+  }
+};
+var asToolResult = (value) => value && typeof value === "object" && !Array.isArray(value) ? value : void 0;
+var emit = (wire) => {
+  if (wire) process.stdout.write(JSON.stringify(wire));
+};
+var main = async () => {
+  let rawInput = "";
+  for await (const chunk of process.stdin) {
+    rawInput += chunk;
+  }
+  if (!rawInput.trim()) {
+    process.exit(0);
+  }
+  let input;
+  try {
+    input = JSON.parse(rawInput);
+  } catch {
+    process.exit(0);
+  }
+  try {
+    switch (input.hook_event_name) {
+      case "PermissionRequest":
+        emit(toCodexWire("PermissionRequest", await decidePermissionRequest(input)));
+        break;
+      case "PreToolUse":
+        emit(toCodexWire("PreToolUse", await decidePreToolUse(input)));
+        break;
+      case "PostToolUse":
+        await handlePostToolUse({
+          tool_name: input.tool_name ?? "",
+          tool_input: input.tool_input ?? {},
+          tool_result: asToolResult(input.tool_response),
+          cwd: input.cwd,
+          session_id: input.session_id
+        }, CODEX_AGENT);
+        break;
+      case "UserPromptSubmit":
+        await handleUserPrompt({
+          prompt: input.prompt,
+          cwd: input.cwd,
+          session_id: input.session_id
+        }, CODEX_AGENT);
+        break;
+      case "Stop":
+        await handleStop({
+          cwd: input.cwd,
+          session_id: input.session_id
+        }, CODEX_AGENT);
+        break;
+      case "SessionStart":
+        await reportSessionStart(input);
+        break;
+      default:
+        break;
+    }
+  } catch {
+  }
+};
+main();

package/dist/bin/pushary-codex.js

@@ -1,12 +1,13 @@
 #!/usr/bin/env node
 import {
   reportEvent
-} from "../chunk-AB4KX4XT.js";
+} from "../chunk-SH26ZOHU.js";
 import {
   askUser,
   getMachineId,
   waitForAnswer
-} from "../chunk-OF5WIOYS.js";
+} from "../chunk-QRXWPZKN.js";
+import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import {
   getApiKey
@@ -14,18 +15,24 @@ import {
 
 // bin/pushary-codex.ts
 import { basename } from "path";
+var DEPRECATION_NOTICE = "[pushary-codex] Deprecated: this is the legacy Codex notify handler. Native Codex hooks via pushary-codex-hook replace it. Run npx @pushary/agent-hooks setup to migrate.\n";
 var readStdin = async () => {
   let raw = "";
   for await (const chunk of process.stdin) raw += chunk;
   return raw;
 };
 var main = async () => {
+  if (process.argv.includes("--help") || process.argv.includes("-h")) {
+    process.stderr.write(DEPRECATION_NOTICE);
+    process.exit(0);
+  }
   const argvPayload = process.argv.slice(2).find((a) => a.trim().startsWith("{"));
   let rawInput = argvPayload ?? "";
-  if (!rawInput.trim()) {
+  if (!rawInput.trim() && !process.stdin.isTTY) {
     rawInput = await readStdin();
   }
   if (!rawInput.trim()) {
+    if (process.stdin.isTTY) process.stderr.write(DEPRECATION_NOTICE);
     process.exit(0);
   }
   let event;

package/dist/bin/pushary-doctor.js

@@ -1,7 +1,9 @@
 #!/usr/bin/env node
 import {
-  execNpm
-} from "../chunk-RSHN2AQ7.js";
+  execNpm,
+  hasCodexHooks,
+  missingCodexHookEvents
+} from "../chunk-2HMNOZPY.js";
 import {
   callMcpTool,
   sendMcpRequest
@@ -14,6 +16,7 @@ import { join } from "path";
 import { homedir } from "os";
 import { execSync } from "child_process";
 import { confirm } from "@inquirer/prompts";
+import { parse as parseTOML } from "smol-toml";
 var dim = (s) => `\x1B[2m${s}\x1B[0m`;
 var bold = (s) => `\x1B[1m${s}\x1B[0m`;
 var green = (s) => `\x1B[32m${s}\x1B[0m`;
@@ -103,9 +106,11 @@ var main = async () => {
     const hasPreHook = JSON.stringify(hooks?.PreToolUse ?? []).includes("pushary-hook");
     const hasPostHook = JSON.stringify(hooks?.PostToolUse ?? []).includes("pushary-post-hook");
     const hasStopHook = JSON.stringify(hooks?.Stop ?? []).includes("pushary-stop-hook");
+    const hasPromptHook = JSON.stringify(hooks?.UserPromptSubmit ?? []).includes("pushary-prompt-hook");
     check(hasPreHook, "Claude Code: PreToolUse hook");
     check(hasPostHook, "Claude Code: PostToolUse hook");
     check(hasStopHook, "Claude Code: Stop hook");
+    check(hasPromptHook, "Claude Code: UserPromptSubmit hook", hasPromptHook ? void 0 : "missing, re-run setup to register it");
     const preHookCommand = extractHookCommand(hooks?.PreToolUse, "pushary-hook");
     if (preHookCommand) {
       const resolves = commandResolves(preHookCommand);
@@ -122,8 +127,10 @@ var main = async () => {
     check(false, "Claude Code: settings.json", "not found");
   }
   const codexConfigPath = join(homedir(), ".codex", "config.toml");
-  if (existsSync(codexConfigPath)) {
-    const codexConfig = readFileSync(codexConfigPath, "utf-8");
+  const codexHooksPath = join(homedir(), ".codex", "hooks.json");
+  const codexHooksJson = readJson(codexHooksPath);
+  if (existsSync(codexConfigPath) || codexHooksJson) {
+    const codexConfig = existsSync(codexConfigPath) ? readFileSync(codexConfigPath, "utf-8") : "";
     const hasPusharyMcp = codexConfig.includes("[mcp_servers.pushary]");
     check(hasPusharyMcp, "Codex: MCP server configured");
     if (hasPusharyMcp) {
@@ -135,10 +142,33 @@ var main = async () => {
       }
     }
     const codexNotifyPath = codexConfig.match(/["']([^"']*pushary-codex[^"']*)["']/)?.[1] ?? null;
-    check(!!codexNotifyPath, "Codex: notify handler configured");
-    if (codexNotifyPath) {
-      const resolves = commandResolves(codexNotifyPath);
-      check(resolves, "Codex: notify handler resolves", resolves ? codexNotifyPath : `not found \u2014 ${codexNotifyPath}`);
+    const hooksInstalled = !!codexHooksJson && hasCodexHooks(codexHooksJson);
+    if (hooksInstalled) {
+      const missingEvents = missingCodexHookEvents(codexHooksJson);
+      check(missingEvents.length === 0, "Codex: native hooks installed", missingEvents.length === 0 ? "all 6 events" : `missing ${missingEvents.join(", ")}, re-run setup`);
+      const hookCommand = extractHookCommand(codexHooksJson.hooks?.PreToolUse, "pushary-codex-hook") ?? extractHookCommand(codexHooksJson.hooks?.PermissionRequest, "pushary-codex-hook");
+      if (hookCommand) {
+        const resolves = commandResolves(hookCommand);
+        check(resolves, "Codex: hook command resolves", resolves ? hookCommand : `not on PATH: ${hookCommand}`);
+      }
+      let hooksFeatureDisabled = false;
+      try {
+        const parsed = parseTOML(codexConfig);
+        const features = parsed.features;
+        hooksFeatureDisabled = !!features && typeof features === "object" && features.hooks === false;
+      } catch {
+      }
+      check(!hooksFeatureDisabled, "Codex: hooks feature enabled", hooksFeatureDisabled ? "[features].hooks = false in config.toml" : void 0);
+      if (codexNotifyPath) {
+        console.log(`  ${warn} Codex: stale legacy notify entry ${dim("(double-push risk, re-run setup to remove it)")}`);
+      }
+      console.log(`  ${warn} Codex: hooks must be trusted inside Codex ${dim("(run /hooks in Codex, cannot be verified from here)")}`);
+    } else {
+      check(!!codexNotifyPath, "Codex: notify handler configured (deprecated)", codexNotifyPath ? "upgrade Codex and re-run setup for native hooks" : "missing, re-run setup");
+      if (codexNotifyPath) {
+        const resolves = commandResolves(codexNotifyPath);
+        check(resolves, "Codex: notify handler resolves", resolves ? codexNotifyPath : `not found: ${codexNotifyPath}`);
+      }
     }
     const codexSkillPath = join(homedir(), ".codex", "skills", "pushary", "SKILL.md");
     check(existsSync(codexSkillPath), "Codex: skill installed");

package/dist/bin/pushary-hook.js

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import {
   handlePreToolUse
-} from "../chunk-W5KRWUNE.js";
-import "../chunk-IBWCHA5M.js";
-import "../chunk-OF5WIOYS.js";
+} from "../chunk-TRLBBLSS.js";
+import "../chunk-QRXWPZKN.js";
+import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/bin/pushary-post-hook.js

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
 import {
   handlePostToolUse
-} from "../chunk-AB4KX4XT.js";
-import "../chunk-OF5WIOYS.js";
+} from "../chunk-SH26ZOHU.js";
+import "../chunk-QRXWPZKN.js";
+import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/bin/pushary-prompt-hook.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/bin/pushary-prompt-hook.js

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+import {
+  handleUserPrompt
+} from "../chunk-SH26ZOHU.js";
+import "../chunk-QRXWPZKN.js";
+import "../chunk-22CV7V7A.js";
+import "../chunk-3MIR7ODJ.js";
+import "../chunk-VUNL35KE.js";
+
+// bin/pushary-prompt-hook.ts
+var main = async () => {
+  let rawInput = "";
+  for await (const chunk of process.stdin) {
+    rawInput += chunk;
+  }
+  if (!rawInput.trim()) {
+    process.exit(0);
+  }
+  try {
+    const input = JSON.parse(rawInput);
+    await handleUserPrompt(input);
+  } catch {
+  }
+};
+main();

package/dist/bin/pushary-setup.js

@@ -3,14 +3,15 @@ import {
   addClaudeMcpServer,
   addPusharyHooks,
   addPusharyToolPermissions
-} from "../chunk-5GFUI5N6.js";
+} from "../chunk-5MA3CPZB.js";
 import {
+  addCodexHooks,
   execNpm,
   npmErrorMessage
-} from "../chunk-RSHN2AQ7.js";
+} from "../chunk-2HMNOZPY.js";
 import {
   isValidApiKey
-} from "../chunk-IBWCHA5M.js";
+} from "../chunk-22CV7V7A.js";
 
 // bin/pushary-setup.ts
 import { existsSync, readFileSync, writeFileSync, appendFileSync, mkdirSync, cpSync, rmSync } from "fs";
@@ -310,7 +311,7 @@ var setupClaudeCode = async (apiKey) => {
     addPusharyToolPermissions(settings);
   });
   await installGlobally();
-  await spinner("Adding hooks (PreToolUse, PostToolUse, Stop)", async () => {
+  await spinner("Adding hooks (PreToolUse, PostToolUse, UserPromptSubmit, Stop)", async () => {
     let binDir;
     try {
       binDir = join(execNpm("prefix -g --no-workspaces", { timeout: 5e3 }).toString().trim(), "bin");
@@ -396,6 +397,63 @@ var setupHermes = async (_apiKey) => {
   console.log(`  ${dim2("\u2022")} Permission gating: set ${bold2("PUSHARY_GATE_TOOLS")} to require lock-screen approval for risky tools`);
   console.log(`  ${dim2("To re-enable terminal prompts:")} remove ${bold2("clarify")} from ${dim2("agent.disabled_toolsets")} in ~/.hermes/config.yaml`);
 };
+var CODEX_HOOKS_JSON = join(homedir(), ".codex", "hooks.json");
+var CODEX_HOOKS_MIN_VERSION = [0, 122, 0];
+var parseCodexVersion = (raw) => {
+  const match = raw.match(/(\d+)\.(\d+)\.(\d+)/);
+  if (!match) return null;
+  return [Number(match[1]), Number(match[2]), Number(match[3])];
+};
+var codexSupportsHooks = () => {
+  try {
+    const raw = execSync("codex --version", { encoding: "utf-8", stdio: "pipe", timeout: 1e4 });
+    const version = parseCodexVersion(raw);
+    if (!version) return false;
+    for (let i = 0; i < 3; i++) {
+      if (version[i] > CODEX_HOOKS_MIN_VERSION[i]) return true;
+      if (version[i] < CODEX_HOOKS_MIN_VERSION[i]) return false;
+    }
+    return true;
+  } catch {
+    return false;
+  }
+};
+var removeCodexNotifyEntry = (codexConfig) => {
+  let raw = "";
+  try {
+    raw = readFileSync(codexConfig, "utf-8");
+  } catch {
+    return;
+  }
+  if (!raw.includes("pushary-codex")) return;
+  const config = parseTOML(raw);
+  if (!Array.isArray(config.notify)) return;
+  const filtered = config.notify.filter((entry) => typeof entry !== "string" || !entry.includes("pushary-codex"));
+  if (filtered.length === config.notify.length) return;
+  if (filtered.length === 0) {
+    delete config.notify;
+  } else {
+    config.notify = filtered;
+  }
+  writeFileSync(codexConfig, stringifyTOML(config), "utf-8");
+};
+var addCodexNotifyEntry = (codexConfig) => {
+  const globalPrefix = execNpm("prefix -g --no-workspaces", { timeout: 5e3 }).toString().trim();
+  const pusharyCodexPath = join(globalPrefix, "bin", "pushary-codex");
+  if (!existsSync(pusharyCodexPath)) throw new Error("pushary-codex not found at " + pusharyCodexPath);
+  let raw = "";
+  try {
+    raw = readFileSync(codexConfig, "utf-8");
+  } catch {
+  }
+  const config = raw ? parseTOML(raw) : {};
+  const notify = Array.isArray(config.notify) ? config.notify : [];
+  if (!notify.some((n) => typeof n === "string" && n.includes("pushary-codex"))) {
+    notify.push(pusharyCodexPath);
+    config.notify = notify;
+    writeFileSync(codexConfig, stringifyTOML(config), "utf-8");
+  }
+};
 var setupCodex = async (_apiKey) => {
   console.log(`
   ${bold2("Setting up Codex")}
@@ -431,29 +489,42 @@ var setupCodex = async (_apiKey) => {
     config.mcp_servers = mcpServers;
     writeFileSync(codexConfig, stringifyTOML(config), "utf-8");
   });
-  await spinner("Adding notify handler for Codex events", async () => {
-    const globalPrefix = execNpm("prefix -g --no-workspaces", { timeout: 5e3 }).toString().trim();
-    const pusharyCodexPath = join(globalPrefix, "bin", "pushary-codex");
-    if (!existsSync(pusharyCodexPath)) throw new Error("pushary-codex not found at " + pusharyCodexPath);
-    let raw = "";
-    try {
-      raw = readFileSync(codexConfig, "utf-8");
-    } catch {
-    }
-    const config = raw ? parseTOML(raw) : {};
-    const notify = Array.isArray(config.notify) ? config.notify : [];
-    if (!notify.some((n) => typeof n === "string" && n.includes("pushary-codex"))) {
-      notify.push(pusharyCodexPath);
-      config.notify = notify;
-      writeFileSync(codexConfig, stringifyTOML(config), "utf-8");
-    }
-  });
+  const hooksSupported = codexSupportsHooks();
+  if (hooksSupported) {
+    await spinner("Adding native hooks (~/.codex/hooks.json)", async () => {
+      const globalPrefix = execNpm("prefix -g --no-workspaces", { timeout: 5e3 }).toString().trim();
+      const hookCommand = join(globalPrefix, "bin", "pushary-codex-hook");
+      if (!existsSync(hookCommand)) throw new Error("pushary-codex-hook not found at " + hookCommand);
+      const hooksConfig = readJson(CODEX_HOOKS_JSON);
+      addCodexHooks(hooksConfig, hookCommand);
+      writeJson(CODEX_HOOKS_JSON, hooksConfig);
+    });
+    await spinner("Removing legacy notify handler", async () => {
+      removeCodexNotifyEntry(codexConfig);
+    });
+  } else {
+    console.log(`  ${yellow2("!")} This Codex version predates native hooks (needs ${CODEX_HOOKS_MIN_VERSION.join(".")}+).`);
+    console.log(`  ${dim2("Installing the deprecated notify handler instead. Upgrade Codex and re-run setup")}`);
+    console.log(`  ${dim2("to get policy enforcement, phone approvals, and session tracking.")}`);
+    await spinner("Adding notify handler for Codex events (deprecated)", async () => {
+      addCodexNotifyEntry(codexConfig);
+    });
+  }
   await installSkillToDir(CODEX_SKILL_DIR, "Installing Pushary skill");
   console.log();
   console.log(`  ${dim2("What this configured:")}`);
   console.log(`  ${dim2("\u2022")} MCP server: Codex can send notifications and ask questions`);
   console.log(`  ${dim2("\u2022")} Auto-allowed tools: no permission prompts for Pushary MCP calls`);
-  console.log(`  ${dim2("\u2022")} Notify handler: captures turn completions and approval requests`);
+  if (hooksSupported) {
+    console.log(`  ${dim2("\u2022")} Native hooks: phone approvals, policy enforcement, kill switch, session tracking`);
+    console.log();
+    console.log(`  ${bold2("Trust step (required):")}`);
+    console.log(`  ${dim2("1.")} Open Codex and run ${cyan2("/hooks")}`);
+    console.log(`  ${dim2("2.")} Review the Pushary hooks and trust them`);
+    console.log(`  ${dim2("Hooks stay inactive until you trust them inside Codex.")}`);
+  } else {
+    console.log(`  ${dim2("\u2022")} Notify handler (deprecated): captures turn completions and approval requests`);
+  }
 };
 var resolveBundledPlugin = () => {
   const dir = dirname(fileURLToPath(import.meta.url));
@@ -568,7 +639,7 @@ var main = async () => {
     message: "Which agents do you use? " + dim2(hint),
     choices: [
       { name: `Claude Code  ${dim2("MCP + hooks + auto-allowed tools")}`, value: "claude_code", checked: detected.claude_code },
-      { name: `Codex        ${dim2("MCP + notify handler + auto-allowed tools")}`, value: "codex", checked: detected.codex },
+      { name: `Codex        ${dim2("MCP + native hooks + auto-allowed tools")}`, value: "codex", checked: detected.codex },
       { name: `Hermes       ${dim2("native plugin + auto-error notifications")}`, value: "hermes", checked: detected.hermes },
       { name: `Cursor       ${dim2("MCP server")}`, value: "cursor", checked: detected.cursor }
     ]