agent-blocked 0.1.5 → 0.1.9

package/README.md

@@ -16,7 +16,9 @@ Report a blocker manually:
 npx agent-blocked@latest report --event=needs_direction --severity=medium --reason="Need human direction"
 ```
 
-The installer adds a small `.agent-blocked/` directory plus tool-specific config or instruction files for the selected agent tools. Those files tell the agent when to escalate during goal mode, autonomous mode, background execution, hook-driven automation, CI-style runs, or another CLI-specific automated mode. They also provide a local reporter command that sends blocker events to your Agent Blocked alert profile.
+The installer adds a small `.agent-blocked/` directory plus tool-specific config, hooks, or instruction files for the selected agent tools. Those files tell the agent when to escalate during goal mode, autonomous mode, background execution, hook-driven automation, CI-style runs, or another CLI-specific automated mode. They also provide a local reporter command that sends blocker events to your Agent Blocked alert profile.
+
+For tools with native hooks, such as Claude Code and Codex, installing the adapter turns the hook on for that project. Make sure `AGENT_BLOCKED_AGENT_TOKEN` is available in the shell or secret store used by the agent.
 
 Agents should not notify during normal interactive paired work when the human is already present and responding in the current conversation. In automated modes, agents should notify when continuing would waste time, create risk, or require a decision only the human can make:
 
@@ -39,7 +41,21 @@ Agents can report through the installed local reporter:
 node .agent-blocked/report.mjs --event=needs_credentials --severity=critical --reason="Missing deploy credentials"
 ```
 
-Codex can also be run through the wrapper so hard stops are reported automatically:
+Codex hook reporting is installed by `npx agent-blocked@latest install --tool=codex`. Restart Codex or start a new Codex session after installation so the hook config is loaded.
+
+If you already had a Codex session open in that repo, exit the old session and choose the session to resume with:
+
+```bash
+npx agent-blocked@latest restart --tool=codex
+```
+
+To skip the picker and resume the most recent session:
+
+```bash
+npx agent-blocked@latest restart --tool=codex --last
+```
+
+Codex can also be run through the wrapper when you want hard process exits reported:
 
 ```bash
 npx agent-blocked@latest codex -- codex "implement the requested change"

package/bin/agent-blocked.mjs

@@ -154,6 +154,119 @@ try {
 }
 `;
 
+const codexHookScript = `#!/usr/bin/env node
+
+let input = "";
+process.stdin.setEncoding("utf8");
+for await (const chunk of process.stdin) input += chunk;
+
+let event = {};
+try {
+  event = input ? JSON.parse(input) : {};
+} catch {
+  event = {};
+}
+
+const webhookUrl = process.env.AGENT_BLOCKED_WEBHOOK_URL || "https://agentblocked.com/api/agent-blocked";
+const token = process.env.AGENT_BLOCKED_AGENT_TOKEN;
+const agentId = process.env.AGENT_NAME || "codex";
+
+if (!token) process.exit(0);
+
+function pick(...values) {
+  return values.find((value) => value !== undefined && value !== null && value !== "");
+}
+
+function hookEventName(payload) {
+  return pick(payload.hook_event_name, payload.hookEventName, payload.event_name, payload.eventName, payload.event, payload.type, "");
+}
+
+function toolName(payload) {
+  return pick(payload.tool_name, payload.toolName, payload.tool, payload.tool_call?.name, payload.toolCall?.name, "");
+}
+
+function exitCode(payload) {
+  return pick(
+    payload.exit_code,
+    payload.exitCode,
+    payload.result?.exit_code,
+    payload.result?.exitCode,
+    payload.tool_result?.exit_code,
+    payload.toolResult?.exitCode
+  );
+}
+
+function failed(payload) {
+  if (payload.success === false || payload.ok === false) return true;
+  if (payload.error || payload.error_message || payload.errorMessage) return true;
+  const code = exitCode(payload);
+  return code !== undefined && code !== null && Number(code) !== 0;
+}
+
+function commandText(payload) {
+  return pick(
+    payload.command,
+    payload.cmd,
+    payload.tool_input?.cmd,
+    payload.toolInput?.cmd,
+    payload.tool_input?.command,
+    payload.toolInput?.command,
+    ""
+  );
+}
+
+const eventName = hookEventName(event);
+const tool = toolName(event);
+let payload = null;
+
+if (eventName === "PermissionRequest" || /permission/i.test(eventName)) {
+  payload = {
+    eventType: "approval_required",
+    severity: "medium",
+    reason: \`Codex requested approval\${tool ? \` for \${tool}\` : ""}.\`
+  };
+} else if ((eventName === "PostToolUse" || /post.*tool/i.test(eventName)) && failed(event)) {
+  const code = exitCode(event);
+  payload = {
+    eventType: "tool_failure",
+    severity: "medium",
+    reason: \`Codex tool failed\${tool ? \` during \${tool}\` : ""}\${code !== undefined ? \` with exit code \${code}\` : ""}.\`
+  };
+}
+
+if (!payload) process.exit(0);
+
+const details = {
+  hookEventName: eventName || "unknown",
+  toolName: tool || undefined,
+  command: commandText(event) || undefined,
+  cwd: event.cwd,
+  sessionId: event.session_id || event.sessionId,
+  threadId: event.thread_id || event.threadId,
+  exitCode: exitCode(event)
+};
+
+try {
+  await fetch(webhookUrl, {
+    method: "POST",
+    headers: {
+      authorization: \`Bearer \${token}\`,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({
+      agentId,
+      ...payload,
+      details: JSON.stringify(details),
+      provider: "openai",
+      model: "codex",
+      runId: details.sessionId || details.threadId
+    })
+  });
+} catch {
+  // Hooks should not break Codex when notification delivery fails.
+}
+`;
+
 const instructions = `# Agent Blocked instructions for coding agents
 
 Use Agent Blocked only when this agent is running without an actively engaged human in the loop, such as goal mode, autonomous mode, background execution, hook-driven automation, CI-style runs, or another CLI-specific automated mode.
@@ -176,6 +289,14 @@ Environment expected by the report command:
 export AGENT_BLOCKED_AGENT_TOKEN="your-scoped-token"
 \`\`\`
 
+For Codex hook-based automatic reporting, install the Codex adapter and restart Codex or start a new Codex session so the hook config is loaded:
+
+\`\`\`bash
+npx agent-blocked@latest install --tool=codex
+\`\`\`
+
+The hook only reports matching hook events such as approval requests and failed tool calls.
+
 Event types:
 
 - hard_blocked: no productive path remains without human input.
@@ -250,6 +371,37 @@ function mergeClaudeSettings(path, settings) {
   console.log(`Updated ${path} with Agent Blocked hooks.`);
 }
 
+function mergeCodexHooks(path, config) {
+  let currentConfig = {};
+  let currentHooks = {};
+
+  if (existsSync(path)) {
+    const existingRaw = readFileSync(path, "utf8");
+    try {
+      const parsed = JSON.parse(existingRaw);
+      currentConfig = parsed && typeof parsed === "object" ? parsed : {};
+      currentHooks = currentConfig.hooks && typeof currentConfig.hooks === "object" ? currentConfig.hooks : {};
+    } catch {
+      console.log(`Could not parse ${path}. Wrote example file for manual merge instead.`);
+      writeFileIfMissing(join(root, ".codex", "hooks.agent-blocked.example.json"), `${JSON.stringify(config, null, 2)}\n`);
+      return;
+    }
+  }
+
+  const mergedHooks = { ...currentHooks };
+  for (const [eventName, hooks] of Object.entries(config.hooks || {})) {
+    mergedHooks[eventName] = mergeHookEntries(
+      Array.isArray(mergedHooks[eventName]) ? mergedHooks[eventName] : [],
+      hooks || []
+    );
+  }
+
+  currentConfig.hooks = mergedHooks;
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, `${JSON.stringify(currentConfig, null, 2)}\n`);
+  console.log(`Updated ${path} with Agent Blocked hooks.`);
+}
+
 function upsertMarkedSection(path, title) {
   const section = `${markerStart}
 ## ${title}
@@ -295,6 +447,26 @@ function installClaude() {
 }
 
 function installCodex() {
+  writeFileIfMissing(join(root, ".agent-blocked", "codex-hook.mjs"), codexHookScript);
+  const hooks = {
+    hooks: {
+      PermissionRequest: [
+        {
+          matcher: "*",
+          hooks: [{ type: "command", command: "node \"$(git rev-parse --show-toplevel 2>/dev/null || pwd)/.agent-blocked/codex-hook.mjs\"" }]
+        }
+      ],
+      PostToolUse: [
+        {
+          matcher: "*",
+          hooks: [{ type: "command", command: "node \"$(git rev-parse --show-toplevel 2>/dev/null || pwd)/.agent-blocked/codex-hook.mjs\"" }]
+        }
+      ]
+    }
+  };
+
+  writeFileIfMissing(join(root, ".codex", "hooks.agent-blocked.example.json"), `${JSON.stringify(hooks, null, 2)}\n`);
+  mergeCodexHooks(join(root, ".codex", "hooks.json"), hooks);
   upsertMarkedSection(join(root, "AGENTS.md"), "Codex Agent Blocked setup");
 }
 
@@ -328,6 +500,10 @@ function install() {
   }
 
   console.log("\nNext: set AGENT_BLOCKED_AGENT_TOKEN in the shell or secret store where your agent runs.");
+  if (selected.includes("codex")) {
+    console.log("Codex hook reporting is installed. Restart Codex or start a new Codex session if it was already running.");
+    console.log("To choose an existing Codex session with hooks loaded, run: npx agent-blocked@latest restart --tool=codex");
+  }
   console.log("Manual report command: node .agent-blocked/report.mjs --event=needs_direction --severity=medium --reason=\"Need human direction\"");
 }
 
@@ -374,7 +550,11 @@ async function codex() {
   const command = args[0] || "codex";
   const commandArgs = args[0] ? args.slice(1) : [];
 
-  const child = spawn(command, commandArgs, { stdio: "inherit", shell: false });
+  const child = spawn(command, commandArgs, {
+    stdio: "inherit",
+    shell: false,
+    env: process.env
+  });
   const code = await new Promise((resolve) => child.on("close", resolve));
 
   if (code && process.env.AGENT_BLOCKED_AGENT_TOKEN) {
@@ -393,6 +573,30 @@ async function codex() {
   process.exit(code || 0);
 }
 
+async function restart() {
+  const tool = arg("tool", "codex").toLowerCase();
+  if (tool !== "codex") {
+    console.error("Restart helper currently supports --tool=codex.");
+    process.exit(1);
+  }
+
+  const resumeArgs = hasFlag("last") ? ["resume", "--last"] : ["resume"];
+  console.log(
+    hasFlag("last")
+      ? "Starting a fresh Codex process with the most recent session. Exit the old Codex session first if it is still open."
+      : "Starting a fresh Codex process with the session picker. Exit the old Codex session first if it is still open."
+  );
+  process.argv = [
+    process.argv[0],
+    process.argv[1],
+    "codex",
+    "--",
+    "codex",
+    ...resumeArgs
+  ];
+  await codex();
+}
+
 function help() {
   console.log(`Agent Blocked CLI
 
@@ -400,9 +604,12 @@ Usage:
   agent-blocked install --tool=claude|codex|gemini|aider|all
   agent-blocked report --event=needs_direction --severity=medium --reason="Need human help"
   agent-blocked codex -- codex "your task"
+  agent-blocked restart --tool=codex [--last]
 
 Examples:
   npx agent-blocked@latest install --tool=all
+  npx agent-blocked@latest restart --tool=codex
+  npx agent-blocked@latest restart --tool=codex --last
   npx agent-blocked@latest report --event=needs_credentials --severity=critical --reason="Missing AWS credentials"
 `);
 }
@@ -417,6 +624,9 @@ switch (commandName()) {
   case "codex":
     await codex();
     break;
+  case "restart":
+    await restart();
+    break;
   default:
     help();
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-blocked",
-  "version": "0.1.5",
+  "version": "0.1.9",
   "description": "CLI installer and reporter for Agent Blocked AI agent escalation alerts.",
   "type": "module",
   "bin": {