codex-toolkit 0.4.1 → 0.4.2
- package/package.json +1 -1
- package/src/installer.js +13 -0
- package/src/scope-guard.js +19 -1
package/package.json
CHANGED
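--- a/package/src/installer.js
+++ b/package/src/installer.js
@@ -83,6 +83,19 @@ function copyHook(file) {
 const dst = path.join(HOOKS_INSTALLED, file);
 fs.copyFileSync(src, dst);
 fs.chmodSync(dst, 0o755);
+// Also copy the shared support modules so the installed hook can
+// resolve its relative `import './hook-protocol.js'` etc. The hooks
+// run from ~/.codex/hooks/ as a fresh subprocess, so they need their
+// deps next to them — they cannot import from src/ inside the npm
+// package because that path varies by install location.
+for (const dep of ['hook-protocol.js', 'state-store.js']) {
+const depSrc = path.join(HOOKS_DIR, dep);
+const depDst = path.join(HOOKS_INSTALLED, dep);
+if (fs.existsSync(depSrc)) {
+fs.copyFileSync(depSrc, depDst);
+fs.chmodSync(depDst, 0o644);
+}
+}
 return dst;
 }
 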
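Review bot: The `if (fs.existsSync(depSrc))` guard in the new loop skips a missing support module without any signal, so an install can finish while the copied hook still cannot resolve its relative import. That is the same silent failure the added comment sets out to fix, and for a guard hook it presumably means the guard never runs. Stopping the install is safer: `if (!fs.existsSync(depSrc)) throw new Error('missing hook dependency: ' + depSrc);` ahead of the copy. The hard-coded list `['hook-protocol.js', 'state-store.js']` must also be kept in step with the hooks' imports by hand, which deserves a one-line comment. copyHook starts above the hunk, so how often this loop runs per install is not visible here.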
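--- a/package/src/scope-guard.js
+++ b/package/src/scope-guard.js
@@ -33,8 +33,26 @@ import {
 
 const DEFAULT_CONFIG = {
 mode: 'enforce',
+// Default allow: everything except the deny list. Users override this
+// with their own scope-guard.json when they want a tighter scope.
 allow: ['**/*'],
-deny:
+// Default deny: paths that almost never should be AI-edited, even when
+// the user has not configured anything. v0.1.0–v0.4.1 had `deny: []`,
+// which meant "default mode: enforce" was a no-op for users who never
+// wrote a config. The P1 bug found in v0.4.1 dogfooding was that the
+// installed hook also broke (couldn't find its deps), so users
+// installed + doctor reported green even though real Codex sessions
+// would never fire the guard. This default deny list means a brand
+// new install now refuses the most common dangerous writes out of
+// the box, which matches the README's "default mode: enforce" claim.
+deny: [
+'.env',
+'.env.*',
+'**/.env',
+'**/.env.*',
+'**/secrets/**',
+'**/.git/**',
+],
 log: true,
 };
 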
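Review bot: The new default `deny` list names `.env` and `.env.*` both bare and with a `**/` prefix, but `**/secrets/**` and `**/.git/**` appear only with the prefix. If the matcher needs the bare forms for repo-root paths, which the duplicated `.env` entries suggest, a root-level `.git/config` or a file under a top-level `secrets/` is not covered. Either add `'.git/**'` and `'secrets/**'`, or drop the redundant pair and pin the matcher's behaviour with a test. The comment on `allow` says users override with their own scope-guard.json, but whether a user-supplied `deny` replaces or extends this list is not visible in the hunk. That should be stated in the comment, because replacement would silently remove the `.env`/`.git` protection.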