npm - failproofai - Versions diffs - 0.0.7 → 0.0.9-beta.0 - Mend

failproofai 0.0.7 → 0.0.9-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

package/src/hooks/manager.ts CHANGED Viewed

@@ -1,19 +1,20 @@
 /**
- * Install/remove/list failproofai hooks in Claude Code's settings.
+ * Install/remove/list failproofai hooks for one or more agent CLIs.
+ *
+ * Per-CLI path resolution and settings I/O live in `./integrations` (one
+ * `Integration` impl per CLI). This module orchestrates: validation, policy
+ * selection, telemetry, multi-scope warnings, and console output.
  */
 import { execSync } from "node:child_process";
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
-import { resolve, dirname, basename } from "node:path";
+import { existsSync } from "node:fs";
+import { resolve, basename } from "node:path";
 import { homedir, platform, arch, release, hostname } from "node:os";
 import {
-  HOOK_EVENT_TYPES,
   HOOK_SCOPES,
-  FAILPROOFAI_HOOK_MARKER,
   type HookScope,
-  type ClaudeHookEntry,
-  type ClaudeHookMatcher,
-  type ClaudeSettings,
+  type IntegrationType,
 } from "./types";
+import { claudeCode, getIntegration } from "./integrations";
 import { promptPolicySelection } from "./install-prompt";
 import { readMergedHooksConfig, readScopedHooksConfig, writeScopedHooksConfig } from "./hooks-config";
 import type { HooksConfig } from "./policy-types";
@@ -25,16 +26,9 @@ import { CliError } from "../cli-error";
 const VALID_POLICY_NAMES = new Set(BUILTIN_POLICIES.map((p) => p.name));
+/** Settings path for the Claude Code integration. Kept as a public export for `app/actions/get-hooks-config.ts`. */
 export function getSettingsPath(scope: HookScope, cwd?: string): string {
-  const base = cwd ? resolve(cwd) : process.cwd();
-  switch (scope) {
-    case "user":
-      return resolve(homedir(), ".claude", "settings.json");
-    case "project":
-      return resolve(base, ".claude", "settings.json");
-    case "local":
-      return resolve(base, ".claude", "settings.local.json");
-  }
+  return claudeCode.getSettingsPath(scope, cwd);
 }
 function scopeLabel(scope: HookScope): string {
@@ -48,20 +42,11 @@ function scopeLabel(scope: HookScope): string {
   }
 }
-function readSettings(settingsPath: string): ClaudeSettings {
-  if (!existsSync(settingsPath)) {
-    return {};
-  }
-  const raw = readFileSync(settingsPath, "utf8");
-  return JSON.parse(raw) as ClaudeSettings;
-}
-function writeSettings(settingsPath: string, settings: ClaudeSettings): void {
-  mkdirSync(dirname(settingsPath), { recursive: true });
-  writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + "\n", "utf8");
-}
 function resolveFailproofaiBinary(): string {
+  // Test/CI override: lets E2E tests point at the in-tree bin/failproofai.mjs
+  // without requiring `npm install -g` or `bun link`.
+  const override = process.env.FAILPROOFAI_BINARY_OVERRIDE;
+  if (override && override.trim()) return override.trim();
   try {
     const cmd = process.platform === "win32" ? "where failproofai" : "which failproofai";
     const result = execSync(cmd, { encoding: "utf8" }).trim();
@@ -75,13 +60,6 @@ function resolveFailproofaiBinary(): string {
   }
 }
-function isFailproofaiHook(hook: Record<string, unknown>): boolean {
-  if (hook[FAILPROOFAI_HOOK_MARKER] === true) return true;
-  // Fallback for legacy installs that predate the marker
-  const cmd = typeof hook.command === "string" ? hook.command : "";
-  return cmd.includes("failproofai") && cmd.includes("--hook");
-}
 function validatePolicyNames(names: string[]): void {
   const invalid = names.filter((n) => !VALID_POLICY_NAMES.has(n));
   if (invalid.length > 0) {
@@ -105,67 +83,7 @@ function deduplicateScopes(scopes: readonly HookScope[], cwd?: string): HookScop
 }
 export function hooksInstalledInSettings(scope: HookScope, cwd?: string): boolean {
-  const settingsPath = getSettingsPath(scope, cwd);
-  if (!existsSync(settingsPath)) return false;
-  try {
-    const settings = readSettings(settingsPath);
-    if (!settings.hooks) return false;
-    for (const matchers of Object.values(settings.hooks)) {
-      if (!Array.isArray(matchers)) continue;
-      for (const matcher of matchers) {
-        if (!matcher.hooks) continue;
-        if (matcher.hooks.some((h) => isFailproofaiHook(h as Record<string, unknown>))) {
-          return true;
-        }
-      }
-    }
-  } catch {
-    // Corrupted settings — treat as not installed
-  }
-  return false;
-}
-function removeHooksFromSettingsFile(settingsPath: string): number {
-  const settings = readSettings(settingsPath);
-  if (!settings.hooks) return 0;
-  let removed = 0;
-  for (const eventType of Object.keys(settings.hooks)) {
-    const matchers = settings.hooks[eventType];
-    if (!Array.isArray(matchers)) continue;
-    for (let i = matchers.length - 1; i >= 0; i--) {
-      const matcher = matchers[i];
-      if (!matcher.hooks) continue;
-      const before = matcher.hooks.length;
-      matcher.hooks = matcher.hooks.filter(
-        (h) => !isFailproofaiHook(h as Record<string, unknown>)
-      );
-      removed += before - matcher.hooks.length;
-      // Remove empty matchers
-      if (matcher.hooks.length === 0) {
-        matchers.splice(i, 1);
-      }
-    }
-    // Remove empty event type arrays
-    if (matchers.length === 0) {
-      delete settings.hooks[eventType];
-    }
-  }
-  // Remove empty hooks object
-  if (Object.keys(settings.hooks).length === 0) {
-    delete settings.hooks;
-  }
-  writeSettings(settingsPath, settings);
-  return removed;
+  return claudeCode.hooksInstalledInSettings(scope, cwd);
 }
 /**
@@ -185,6 +103,7 @@ export async function installHooks(
   source?: string,
   customPoliciesPath?: string,
   removeCustomHooks = false,
+  cli?: IntegrationType[],
 ): Promise<void> {
   // Validate user input first before any system checks
   if (policyNames !== undefined && policyNames.length > 0) {
@@ -200,6 +119,21 @@ export async function installHooks(
     }
   }
+  // Back-compat default: ["claude"]. Callers (bin/failproofai.mjs) prompt
+  // the user for multi-CLI selection before reaching here when --cli is omitted.
+  const selectedClis: IntegrationType[] = cli && cli.length > 0 ? [...new Set(cli)] : ["claude"];
+  // Per-CLI scope validation: Codex doesn't have a "local" scope.
+  for (const cliId of selectedClis) {
+    const integration = getIntegration(cliId);
+    if (!integration.scopes.includes(scope)) {
+      throw new CliError(
+        `Scope "${scope}" is not supported by ${integration.displayName}. ` +
+          `Valid scopes: ${integration.scopes.join(", ")}`
+      );
+    }
+  }
   const binaryPath = resolveFailproofaiBinary();
   // Capture existing config before overwriting (used for telemetry diff)
@@ -259,52 +193,17 @@ export async function installHooks(
     console.log(`Custom hooks path: ${configToWrite.customPoliciesPath}`);
   }
-  const settingsPath = getSettingsPath(scope, cwd);
-  const settings = readSettings(settingsPath);
-  if (!settings.hooks) {
-    settings.hooks = {};
+  // Write hooks for each selected CLI
+  const writtenSettingsPaths: { cli: IntegrationType; path: string }[] = [];
+  for (const cliId of selectedClis) {
+    const integration = getIntegration(cliId);
+    const settingsPath = integration.getSettingsPath(scope, cwd);
+    const settings = integration.readSettings(settingsPath);
+    integration.writeHookEntries(settings, binaryPath, scope);
+    integration.writeSettings(settingsPath, settings);
+    writtenSettingsPaths.push({ cli: cliId, path: settingsPath });
   }
-  for (const eventType of HOOK_EVENT_TYPES) {
-    const command = scope === "project"
-      ? `npx -y failproofai --hook ${eventType}`
-      : `"${binaryPath}" --hook ${eventType}`;
-    const hookEntry: ClaudeHookEntry = {
-      type: "command",
-      command,
-      timeout: 60_000,
-      [FAILPROOFAI_HOOK_MARKER]: true,
-    };
-    if (!settings.hooks[eventType]) {
-      settings.hooks[eventType] = [];
-    }
-    const matchers: ClaudeHookMatcher[] = settings.hooks[eventType];
-    // Find existing failproofai matcher
-    let found = false;
-    for (const matcher of matchers) {
-      if (!matcher.hooks) continue;
-      const failproofaiIdx = matcher.hooks.findIndex((h: ClaudeHookEntry | Record<string, unknown>) =>
-        isFailproofaiHook(h as Record<string, unknown>)
-      );
-      if (failproofaiIdx >= 0) {
-        matcher.hooks[failproofaiIdx] = hookEntry;
-        found = true;
-        break;
-      }
-    }
-    if (!found) {
-      // Append a new matcher with the failproofai hook
-      matchers.push({ hooks: [hookEntry] });
-    }
-  }
-  writeSettings(settingsPath, settings);
   // Telemetry: track successful hook installation (with diff vs previous config)
   try {
     const newSet = new Set(selectedPolicies);
@@ -313,6 +212,8 @@ export async function installHooks(
     const distinctId = getInstanceId();
     await trackHookEvent(distinctId, "hooks_installed", {
       scope,
+      cli: selectedClis,
+      cli_count: selectedClis.length,
       policies: selectedPolicies,
       policy_count: selectedPolicies.length,
       policies_added: policiesAdded,
@@ -331,8 +232,14 @@ export async function installHooks(
     // Telemetry is best-effort — never block the operation
   }
-  console.log(`Failproof AI hooks installed for all ${HOOK_EVENT_TYPES.length} event types (scope: ${scope}).`);
-  console.log(`Settings: ${settingsPath}`);
+  for (const { cli: cliId, path } of writtenSettingsPaths) {
+    const integration = getIntegration(cliId);
+    console.log(
+      `Failproof AI hooks installed for ${integration.displayName} ` +
+        `(${integration.eventTypes.length} event types, scope: ${scope}).`
+    );
+    console.log(`Settings: ${path}`);
+  }
   if (scope === "project") {
     console.log(`Command:  npx -y failproofai`);
     console.log(`\nThis file can be committed to git — no machine-specific paths.`);
@@ -340,7 +247,7 @@ export async function installHooks(
     console.log(`Binary:   ${binaryPath}`);
   }
-  // Warn about duplicate-scope installations
+  // Warn about duplicate-scope installations (Claude Code only — uses HOOK_SCOPES)
   const otherScopes = deduplicateScopes(HOOK_SCOPES, cwd).filter((s) => s !== scope);
   const duplicates = otherScopes.filter((s) => hooksInstalledInSettings(s, cwd));
   if (duplicates.length > 0) {
@@ -362,9 +269,13 @@ export async function installHooks(
  * @param scope — settings scope to remove from (default: "user"), or "all" to remove from all scopes
  * @param opts.betaOnly — set to true when removing only beta policies (adds beta_only flag to telemetry)
  */
-export async function removeHooks(policyNames?: string[], scope: HookScope | "all" = "user", cwd?: string, opts?: { betaOnly?: boolean; source?: string; removeCustomHooks?: boolean }): Promise<void> {
+export async function removeHooks(policyNames?: string[], scope: HookScope | "all" = "user", cwd?: string, opts?: { betaOnly?: boolean; source?: string; removeCustomHooks?: boolean; cli?: IntegrationType[] }): Promise<void> {
   // Resolve the effective config scope ("all" falls back to "user" for config reads/writes)
   const configScope: HookScope = scope === "all" ? "user" : scope;
+  // Back-compat default: ["claude"]. The bin layer prompts for CLI selection
+  // when --cli is omitted and an interactive TTY is attached.
+  const selectedClis: IntegrationType[] =
+    opts?.cli && opts.cli.length > 0 ? [...new Set(opts.cli)] : ["claude"];
   // Clear custom hooks path if requested
   if (opts?.removeCustomHooks) {
@@ -401,6 +312,7 @@ export async function removeHooks(policyNames?: string[], scope: HookScope | "al
       const actuallyRemoved = policyNames.filter((p) => config.enabledPolicies.includes(p));
       await trackHookEvent(distinctId, "hooks_removed", {
         scope,
+        cli: selectedClis,
         removal_mode: opts?.betaOnly ? "beta_policies" : "policies",
         beta_only: opts?.betaOnly ?? false,
         policies_removed: actuallyRemoved,
@@ -423,44 +335,56 @@ export async function removeHooks(policyNames?: string[], scope: HookScope | "al
   // Capture enabled policies before clearing (used for accurate telemetry below)
   const configBeforeRemoval = readScopedHooksConfig(configScope, cwd);
-  // Remove all failproofai hooks from Claude Code settings
-  const scopesToRemove: HookScope[] = scope === "all" ? [...HOOK_SCOPES] : [scope];
+  // Remove failproofai hooks from each selected CLI's settings file(s)
   let totalRemoved = 0;
+  let nothingToReport = false;
+  for (const cliId of selectedClis) {
+    const integration = getIntegration(cliId);
+    // For "all" scope, iterate over the integration's scopes; otherwise, only
+    // touch the single scope (skipping CLIs that don't support it).
+    const scopesToRemove: HookScope[] =
+      scope === "all"
+        ? [...integration.scopes]
+        : integration.scopes.includes(scope)
+          ? [scope]
+          : [];
-  for (const s of scopesToRemove) {
-    const settingsPath = getSettingsPath(s, cwd);
+    for (const s of scopesToRemove) {
+      const settingsPath = integration.getSettingsPath(s, cwd);
-    if (!existsSync(settingsPath)) {
-      if (scope !== "all") {
-        console.log("No settings file found. Nothing to remove.");
-        return;
+      if (!existsSync(settingsPath)) {
+        if (scope !== "all" && selectedClis.length === 1) {
+          console.log("No settings file found. Nothing to remove.");
+          nothingToReport = true;
+        }
+        continue;
       }
-      continue;
-    }
-    const settings = readSettings(settingsPath);
-    if (!settings.hooks) {
-      if (scope !== "all") {
+      const removed = integration.removeHooksFromFile(settingsPath);
+      if (removed === 0 && scope !== "all" && selectedClis.length === 1) {
         console.log("No hooks found in settings. Nothing to remove.");
-        return;
+        nothingToReport = true;
+        continue;
       }
-      continue;
-    }
+      totalRemoved += removed;
-    const removed = removeHooksFromSettingsFile(settingsPath);
-    totalRemoved += removed;
-    if (scope !== "all") {
-      console.log(`Removed ${removed} failproofai hook(s) from settings.`);
-      console.log(`Settings: ${settingsPath}`);
+      if (scope !== "all") {
+        console.log(`Removed ${removed} failproofai hook(s) from ${integration.displayName} settings.`);
+        console.log(`Settings: ${settingsPath}`);
+      }
     }
   }
+  if (nothingToReport && totalRemoved === 0) return;
   if (scope === "all") {
     console.log(`Removed ${totalRemoved} failproofai hook(s) from all scopes.`);
-    for (const s of scopesToRemove) {
-      console.log(`  ${s}: ${getSettingsPath(s, cwd)}`);
+    for (const cliId of selectedClis) {
+      const integration = getIntegration(cliId);
+      for (const s of integration.scopes) {
+        console.log(`  ${integration.displayName} / ${s}: ${integration.getSettingsPath(s, cwd)}`);
+      }
     }
   }
@@ -469,6 +393,7 @@ export async function removeHooks(policyNames?: string[], scope: HookScope | "al
     const distinctId = getInstanceId();
     await trackHookEvent(distinctId, "hooks_removed", {
       scope,
+      cli: selectedClis,
       removal_mode: "hooks",
       policies_removed: configBeforeRemoval.enabledPolicies,
       removed_count: totalRemoved,

package/src/hooks/policy-evaluator.ts CHANGED Viewed

@@ -76,6 +76,7 @@ export async function evaluatePolicies(
     toolName,
     toolInput,
     session,
+    cli: session?.cli,
   };
   // Track all instruct results (accumulated, does not short-circuit)
@@ -137,6 +138,28 @@ export async function evaluatePolicies(
         };
       }
+      if (eventType === "PermissionRequest") {
+        // Codex-only: hookSpecificOutput.decision.behavior = "allow" | "deny"
+        // (per https://developers.openai.com/codex/hooks#permissionrequest).
+        const response = {
+          hookSpecificOutput: {
+            hookEventName: eventType,
+            decision: {
+              behavior: "deny",
+              message: `Blocked ${displayTool} by failproofai because: ${reason}, as per the policy configured by the user`,
+            },
+          },
+        };
+        return {
+          exitCode: 0,
+          stdout: JSON.stringify(response),
+          stderr: "",
+          policyName: policy.name,
+          reason,
+          decision: "deny",
+        };
+      }
       if (eventType === "PostToolUse") {
         const response = {
           hookSpecificOutput: {
@@ -235,7 +258,11 @@ export async function evaluatePolicies(
   if (allowEntries.length > 0) {
     const combined = allowEntries.map((e) => e.reason).join("\n");
     const policyNames = allowEntries.map((e) => e.policyName);
-    const supportsHookSpecificOutput = eventType === "PreToolUse" || eventType === "PostToolUse" || eventType === "UserPromptSubmit";
+    const supportsHookSpecificOutput =
+      eventType === "PreToolUse" ||
+      eventType === "PostToolUse" ||
+      eventType === "UserPromptSubmit" ||
+      eventType === "PermissionRequest";
     const response = supportsHookSpecificOutput
       ? { hookSpecificOutput: { hookEventName: eventType, additionalContext: `Note from failproofai: ${combined}` } }
       : { reason: combined };

package/src/hooks/policy-types.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * Types for the hook policy system.
  */
-import type { HookEventType, SessionMetadata } from "./types";
+import type { HookEventType, IntegrationType, SessionMetadata } from "./types";
 export type PolicyDecision = "allow" | "deny" | "instruct";
@@ -12,6 +12,8 @@ export interface PolicyContext {
   toolInput?: Record<string, unknown>;
   session?: SessionMetadata;
   params?: Record<string, unknown>;
+  /** Which agent CLI fired this hook. Mirrors session.cli; exposed at the top level for ergonomics. */
+  cli?: IntegrationType;
 }
 export interface PolicyResult {

package/src/hooks/resolve-permission-mode.ts ADDED Viewed

@@ -0,0 +1,147 @@
+/**
+ * Per-CLI permission mode resolver.
+ *
+ *   • Claude Code: reads `permission_mode` directly from the hook stdin payload.
+ *     Possible values per `claude --help`: acceptEdits, auto, bypassPermissions,
+ *     default, dontAsk, plan.
+ *
+ *   • Codex: stdin doesn't carry the permission mode. We walk
+ *     ~/.codex/sessions/<YYYY>/<MM>/<DD>/<file containing sessionId>.jsonl
+ *     looking for a `turn_context` record whose payload has `approval_policy`,
+ *     and map: never → full-auto, on-request → default. Other values pass
+ *     through. If the transcript can't be read, falls back to "default".
+ *
+ *     Hot-path note: handleHookEvent calls this for every Codex tool use. To
+ *     avoid an O(history-size) tree scan, we (1) try today + yesterday's date
+ *     directories first (transcripts for an active session live there in the
+ *     common case), (2) cache the resolved transcript path to disk keyed by
+ *     sessionId so subsequent hooks in the same session skip the walk entirely.
+ */
+import { readFileSync, readdirSync, existsSync, writeFileSync, mkdirSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+import type { IntegrationType } from "./types";
+export function resolvePermissionMode(
+  integration: IntegrationType,
+  parsed: Record<string, unknown>,
+  sessionId: string | undefined,
+): string {
+  if (integration === "claude") {
+    return (parsed.permission_mode as string | undefined) ?? "default";
+  }
+  if (integration === "codex" && sessionId) {
+    return resolveCodexMode(sessionId) ?? "default";
+  }
+  return "default";
+}
+const CACHE_PATH = join(homedir(), ".failproofai", "cache", "codex-session-paths.json");
+function readCache(): Record<string, string> {
+  try {
+    if (!existsSync(CACHE_PATH)) return {};
+    return JSON.parse(readFileSync(CACHE_PATH, "utf-8")) as Record<string, string>;
+  } catch {
+    return {};
+  }
+}
+function writeCacheEntry(sessionId: string, path: string): void {
+  try {
+    mkdirSync(dirname(CACHE_PATH), { recursive: true });
+    const cache = readCache();
+    cache[sessionId] = path;
+    writeFileSync(CACHE_PATH, JSON.stringify(cache), "utf-8");
+  } catch {
+    // Cache is best-effort — never block the hook on a write failure.
+  }
+}
+function dirSearch(dir: string, sessionId: string): string | null {
+  try {
+    for (const f of readdirSync(dir, { withFileTypes: true })) {
+      if (f.isFile() && f.name.includes(sessionId) && f.name.endsWith(".jsonl")) {
+        return join(dir, f.name);
+      }
+    }
+  } catch {
+    // dir doesn't exist or unreadable
+  }
+  return null;
+}
+function findCodexTranscriptSync(sessionId: string): string | null {
+  // 1) Cache hit — fastest path, O(1).
+  const cache = readCache();
+  const cached = cache[sessionId];
+  if (cached && existsSync(cached)) return cached;
+  const root = join(homedir(), ".codex", "sessions");
+  // 2) Today + yesterday (covers the active-session common case).
+  const today = new Date();
+  const yesterday = new Date(today.getTime() - 24 * 60 * 60 * 1000);
+  const datedDirs = [today, yesterday].map((d) => {
+    const y = String(d.getUTCFullYear());
+    const m = String(d.getUTCMonth() + 1).padStart(2, "0");
+    const day = String(d.getUTCDate()).padStart(2, "0");
+    return join(root, y, m, day);
+  });
+  for (const dir of datedDirs) {
+    const hit = dirSearch(dir, sessionId);
+    if (hit) {
+      writeCacheEntry(sessionId, hit);
+      return hit;
+    }
+  }
+  // 3) Fallback — full tree scan (rare; older or out-of-clock-skew sessions).
+  try {
+    for (const y of readdirSync(root, { withFileTypes: true })) {
+      if (!y.isDirectory()) continue;
+      for (const m of readdirSync(join(root, y.name), { withFileTypes: true })) {
+        if (!m.isDirectory()) continue;
+        for (const d of readdirSync(join(root, y.name, m.name), { withFileTypes: true })) {
+          if (!d.isDirectory()) continue;
+          const hit = dirSearch(join(root, y.name, m.name, d.name), sessionId);
+          if (hit) {
+            writeCacheEntry(sessionId, hit);
+            return hit;
+          }
+        }
+      }
+    }
+  } catch {
+    // Session may not have flushed yet; or path doesn't exist.
+  }
+  return null;
+}
+function resolveCodexMode(sessionId: string): string | undefined {
+  try {
+    const path = findCodexTranscriptSync(sessionId);
+    if (!path) return undefined;
+    for (const line of readFileSync(path, "utf-8").split("\n")) {
+      if (!line.includes("turn_context")) continue;
+      try {
+        const obj = JSON.parse(line) as Record<string, unknown>;
+        if (obj.type === "turn_context") {
+          const policy = (obj.payload as Record<string, unknown> | undefined)?.approval_policy as
+            | string
+            | undefined;
+          if (policy === "never") return "full-auto";
+          if (policy === "on-request") return "default";
+          if (policy) return policy;
+        }
+      } catch {
+        // skip malformed line
+      }
+    }
+  } catch {
+    // file vanished or permission denied — fall through to undefined
+  }
+  return undefined;
+}

package/src/hooks/types.ts CHANGED Viewed

@@ -1,10 +1,35 @@
 /**
- * Constants and interfaces for Claude Code hooks integration.
+ * Constants and interfaces for agent CLI hooks integrations (Claude Code, OpenAI Codex, …).
  */
 export const HOOK_SCOPES = ["user", "project", "local"] as const;
 export type HookScope = (typeof HOOK_SCOPES)[number];
+export const INTEGRATION_TYPES = ["claude", "codex"] as const;
+export type IntegrationType = (typeof INTEGRATION_TYPES)[number];
+export const CODEX_HOOK_SCOPES = ["user", "project"] as const;
+export type CodexHookScope = (typeof CODEX_HOOK_SCOPES)[number];
+export const CODEX_HOOK_EVENT_TYPES = [
+  "session_start",
+  "pre_tool_use",
+  "permission_request",
+  "post_tool_use",
+  "user_prompt_submit",
+  "stop",
+] as const;
+export type CodexHookEventType = (typeof CODEX_HOOK_EVENT_TYPES)[number];
+export const CODEX_EVENT_MAP: Record<CodexHookEventType, HookEventType> = {
+  session_start: "SessionStart",
+  pre_tool_use: "PreToolUse",
+  permission_request: "PermissionRequest",
+  post_tool_use: "PostToolUse",
+  user_prompt_submit: "UserPromptSubmit",
+  stop: "Stop",
+};
 export const HOOK_EVENT_TYPES = [
   "SessionStart",
   "SessionEnd",
@@ -32,6 +57,8 @@ export const HOOK_EVENT_TYPES = [
   "PostCompact",
   "Elicitation",
   "ElicitationResult",
+  "UserPromptExpansion",
+  "PostToolBatch",
 ] as const;
 export type HookEventType = (typeof HOOK_EVENT_TYPES)[number];
@@ -55,6 +82,8 @@ export interface SessionMetadata {
   cwd?: string;
   permissionMode?: string;
   hookEventName?: string;
+  /** Which agent CLI fired this hook (claude | codex). Set by handler.ts from --cli. */
+  cli?: IntegrationType;
 }
 export interface ClaudeSettings {