instar 1.2.76 → 1.2.77

package/dist/core/codexHookArm.js

@@ -0,0 +1,191 @@
+/**
+ * codexHookArm — arm instar's project-scoped Codex gate hooks so they actually run
+ * on a freshly-init'd agent without a human clicking "trust". P0 of codex-full-parity.
+ *
+ * G2 verdict (spec §P0): per-agent scoping comes from trust entries being keyed by the
+ * project hooks.json PATH, so arming only the agent's own project hooks never touches the
+ * operator's personal Codex. Mechanism: Codex's own trust flow (the "Trust all and continue"
+ * prompt), driven non-interactively — NOT the machine-wide managed-config (rejected, G1).
+ *
+ * Review gates baked in (spec §7 F1-F3):
+ *   F1 — manifest verify: only arm when the project hooks.json is exactly instar's own
+ *        (matches buildInstarCodexHookGroups); never blind-trust arbitrary on-disk hooks.
+ *        And the trust spawn runs WITHOUT the dangerous approvals/sandbox bypass flags.
+ *   F2 — idempotent + readback: skip the spawn entirely when already armed; after the spawn,
+ *        re-read config.toml and confirm the slots are now trusted (return armed=false if not).
+ *   F3 — never silently re-enable a user-disabled hook (enabled=false is left as the user set it).
+ *
+ * The fragile TUI keystroke step is injected (`trustDriver`) so the orchestration — the part
+ * that decides whether/what to arm and verifies the outcome — is unit-testable without a real
+ * codex. The default driver spawns interactive codex in tmux and sends the trust keystrokes;
+ * it is validated by test-as-self on a live agent, not by unit tests.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { execFileSync } from 'node:child_process';
+import { buildInstarCodexHookGroups, INSTAR_HOOK_PATH_MARKER } from './installCodexHooks.js';
+import { codexHooksArmingStatus, expectedHookSlots } from './codexHookTrust.js';
+function readConfigToml(codexHome) {
+    const p = path.join(codexHome, 'config.toml');
+    try {
+        return fs.readFileSync(p, 'utf-8');
+    }
+    catch {
+        return ''; // fresh agent — no config yet = nothing trusted
+    }
+}
+/**
+ * F1 manifest verify: is the project's `.codex/hooks.json` exactly instar's own set?
+ * We compare the instar-owned hook command paths the file declares against what
+ * buildInstarCodexHookGroups would produce. If the file is missing, malformed, or carries
+ * a hook command outside `.instar/hooks/instar/`, we refuse to arm (don't blind-trust).
+ */
+export function projectHooksAreInstarOwned(projectDir) {
+    const hooksPath = path.join(projectDir, '.codex', 'hooks.json');
+    let parsed;
+    try {
+        parsed = JSON.parse(fs.readFileSync(hooksPath, 'utf-8'));
+    }
+    catch {
+        return false;
+    }
+    const hooks = parsed.hooks ?? {};
+    const expected = buildInstarCodexHookGroups(projectDir);
+    // Every instar-owned command present must point under the instar hooks dir, and every
+    // event instar expects must be present with the expected command set.
+    for (const [event, groups] of Object.entries(expected)) {
+        const actualGroups = hooks[event] ?? [];
+        const expectedCmds = (groups[0]?.hooks ?? []).map((h) => h.command);
+        const actualCmds = (actualGroups[0]?.hooks ?? []).map((h) => h.command ?? '');
+        for (const cmd of expectedCmds) {
+            if (!actualCmds.includes(cmd))
+                return false; // expected instar hook missing
+        }
+    }
+    // No instar-owned command may live outside the instar hooks dir (anti-injection).
+    for (const groups of Object.values(hooks)) {
+        for (const group of groups ?? []) {
+            for (const h of group.hooks ?? []) {
+                const c = h.command ?? '';
+                if (c.includes(INSTAR_HOOK_PATH_MARKER)) {
+                    const abs = path.join(projectDir, INSTAR_HOOK_PATH_MARKER);
+                    if (!c.includes(abs))
+                        return false; // instar-marker path that isn't THIS project's
+                }
+            }
+        }
+    }
+    return true;
+}
+/**
+ * Arm the agent's project Codex hooks. Idempotent. Returns the outcome without throwing
+ * on a benign no-op; throws only on a programming error in the driver.
+ */
+export function armCodexHooks(opts) {
+    const codexHome = opts.codexHome || path.join(process.env.HOME || '', '.codex');
+    // Codex keys its [hooks.state] trust entries by the CANONICAL hooks.json path
+    // (it realpath-resolves the project dir — e.g. /tmp → /private/tmp on macOS). The
+    // readback must use the same canonical path or it false-negatives ("partial" when
+    // actually armed). Resolve the real project dir; fall back to the given path if it
+    // doesn't exist yet.
+    let realProjectDir = opts.projectDir;
+    try {
+        realProjectDir = fs.realpathSync(opts.projectDir);
+    }
+    catch { /* use as-is */ }
+    const hooksJsonPath = path.join(realProjectDir, '.codex', 'hooks.json');
+    const expectedSlots = expectedHookSlots(buildInstarCodexHookGroups(opts.projectDir));
+    // F2 — idempotency: already armed? skip the spawn entirely.
+    const before = codexHooksArmingStatus(readConfigToml(codexHome), hooksJsonPath, expectedSlots);
+    if (before.allArmed)
+        return { status: 'already-armed' };
+    // F1 — only arm instar's own verified hook set.
+    if (!projectHooksAreInstarOwned(opts.projectDir)) {
+        return { status: 'skipped', reason: 'project hooks.json is not instar-owned (manifest mismatch) — refusing to trust' };
+    }
+    // Drive Codex's trust flow (default = interactive tmux spawn + keystrokes; injected for tests).
+    const driver = opts.trustDriver ?? defaultTrustDriver;
+    driver({ projectDir: opts.projectDir, codexHome, hooksJsonPath });
+    // F2 — readback: confirm the slots are now trusted. F3 — surface (not silently fix) any that
+    // remain explicitly disabled (user choice; trust-all does not clear enabled=false).
+    const after = codexHooksArmingStatus(readConfigToml(codexHome), hooksJsonPath, expectedSlots);
+    if (after.allArmed)
+        return { status: 'armed' };
+    return { status: 'partial', untrusted: after.untrusted, disabled: after.disabled };
+}
+export function makeTmuxTrustDriver(deps) {
+    return function driveCodexTrustAll(ctx) {
+        const session = `instar-codex-arm-${Date.now().toString(36)}`;
+        const tmux = (args) => execFileSync(deps.tmuxPath, args, { encoding: 'utf-8', timeout: 10_000 });
+        // RULE 3.1 RATIONALE (state-detection): this capture-pane parse of Codex's TUI trust prompt is
+        // BEST-EFFORT and only gates WHEN to send the trust keystrokes — it never decides the
+        // outcome. The AUTHORITATIVE state detection is armCodexHooks' config.toml trust readback
+        // (codexHooksArmingStatus, robust line-based config parse, NOT TUI scraping). If the prompt
+        // wording drifts, this match fails → no keys sent → the readback reports not-armed
+        // (fail-safe, surfaced to the caller as `partial`) — never silent corruption. Drift
+        // detection for the prompt itself is the G5 runtime arming canary (spec §7, tracked).
+        // Registry: specs/provider-portability/06-state-detector-registry.md. <!-- tracked: codex-full-parity -->
+        const capture = () => {
+            try {
+                return tmux(['capture-pane', '-t', `${session}:`, '-p', '-S', '-60']);
+            }
+            catch {
+                return '';
+            }
+        };
+        try {
+            tmux(['new-session', '-d', '-s', session, '-c', ctx.projectDir, '-x', '200', '-y', '50',
+                '-e', `CODEX_HOME=${ctx.codexHome}`]);
+            // Launch interactive codex — NO --dangerously-bypass-* flags (F1).
+            const launch = `${deps.codexBinary}${deps.model ? ` -m ${deps.model}` : ''}`;
+            tmux(['send-keys', '-t', `${session}:`, launch, 'Enter']);
+            // A fresh project shows up to TWO prompts in sequence: (1) "Do you trust the contents
+            // of this directory?" (cursor on "Yes, continue") then (2) the hook-trust prompt
+            // ("1. Review / 2. Trust all and continue / 3. Continue without"). Production agent dirs
+            // are usually pre-trusted so (1) is skipped — but handle both so the driver is robust.
+            // State machine, bounded ~50s total (codex cold-start + two prompts).
+            let handledDirTrust = false;
+            let handledHookTrust = false;
+            const deadline = Date.now() + 50_000;
+            while (Date.now() < deadline && !handledHookTrust) {
+                const pane = capture();
+                if (!handledHookTrust && /Trust all and continue|Hooks need review|hook is new or changed/i.test(pane)) {
+                    // Hook-trust prompt: cursor on "1. Review hooks"; Down → "Trust all and continue", Enter.
+                    tmux(['send-keys', '-t', `${session}:`, 'Down']);
+                    execFileSync('sleep', ['1']);
+                    tmux(['send-keys', '-t', `${session}:`, 'Enter']);
+                    handledHookTrust = true;
+                    execFileSync('sleep', ['3']);
+                    break;
+                }
+                if (!handledDirTrust && /trust the contents of this directory|Do you trust/i.test(pane)) {
+                    // Dir-trust prompt: cursor on "1. Yes, continue" → Enter accepts (do NOT move down,
+                    // which would select "No, quit").
+                    tmux(['send-keys', '-t', `${session}:`, 'Enter']);
+                    handledDirTrust = true;
+                    execFileSync('sleep', ['2']);
+                    continue;
+                }
+                execFileSync('sleep', ['2']);
+            }
+            if (!handledHookTrust)
+                return; // readback will report not-armed; caller decides
+        }
+        finally {
+            // Exit codex + tear down the pane (best-effort).
+            try {
+                tmux(['send-keys', '-t', `${session}:`, 'C-c']);
+            }
+            catch { /* noop */ }
+            try {
+                tmux(['kill-session', '-t', session]);
+            }
+            catch { /* noop */ }
+        }
+    };
+}
+/** Placeholder default driver — real callers pass a configured driver via opts.trustDriver. */
+function defaultTrustDriver(_ctx) {
+    throw new Error('armCodexHooks: no trustDriver provided — pass makeTmuxTrustDriver({tmuxPath, codexBinary}) from the caller');
+}
+//# sourceMappingURL=codexHookArm.js.map

package/dist/core/codexHookArm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codexHookArm.js","sourceRoot":"","sources":["../../src/core/codexHookArm.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,0BAA0B,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAC7F,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAmBhF,SAAS,cAAc,CAAC,SAAiB;IACvC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAC9C,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,gDAAgD;IAC7D,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IAChE,IAAI,MAAkF,CAAC;IACvF,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;IACxD,sFAAsF;IACtF,sEAAsE;IACtE,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvD,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,YAAY,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,UAAU,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC9E,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC,CAAC,+BAA+B;QAC9E,CAAC;IACH,CAAC;IACD,kFAAkF;IAClF,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,KAAK,MAAM,KAAK,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC;YACjC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;gBAClC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;gBAC1B,IAAI,CAAC,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;oBACxC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,CAAC,CAAC;oBAC3D,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;wBAAE,OAAO,KAAK,CAAC,CAAC,+CAA+C;gBACrF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,IAA0B;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,QAAQ,CAAC,CAAC;IAChF,8EAA8E;IAC9E,kFAAkF;IAClF,kFAAkF;IAClF,mFAAmF;IACnF,qBAAqB;IACrB,IAAI,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC;IACrC,IAAI,CAAC;QAAC,cAAc,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;IACpF,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IACxE,MAAM,aAAa,GAAG,iBAAiB,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAQ,CAAC,CAAC;IAE5F,4DAA4D;IAC5D,MAAM,MAAM,GAAG,sBAAsB,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;IAC/F,IAAI,MAAM,CAAC,QAAQ;QAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAExD,gDAAgD;IAChD,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,gFAAgF,EAAE,CAAC;IACzH,CAAC;IAED,gGAAgG;IAChG,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,IAAI,kBAAkB,CAAC;IACtD,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;IAElE,6FAA6F;IAC7F,oFAAoF;IACpF,MAAM,KAAK,GAAG,sBAAsB,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,aAAa,CAAC,CAAC;IAC9F,IAAI,KAAK,CAAC,QAAQ;QAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IAC/C,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAgBD,MAAM,UAAU,mBAAmB,CAAC,IAAqB;IACvD,OAAO,SAAS,kBAAkB,CAAC,GAAqE;QACtG,MAAM,OAAO,GAAG,oBAAoB,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,GAAG,CAAC,IAAc,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3G,+FAA+F;QAC/F,sFAAsF;QACtF,0FAA0F;QAC1F,4FAA4F;QAC5F,mFAAmF;QACnF,oFAAoF;QACpF,sFAAsF;QACtF,0GAA0G;QAC1G,MAAM,OAAO,GAAG,GAAW,EAAE;YAC3B,IAAI,CAAC;gBAAC,OAAO,IAAI,CAAC,CAAC,cAAc,EAAE,IAAI,EAAE,GAAG,OAAO,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO,EAAE,CAAC;YAAC,CAAC;QACrG,CAAC,CAAC;QACF,IAAI,CAAC;YACH,IAAI,CAAC,CAAC,aAAa,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI;gBACrF,IAAI,EAAE,cAAc,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;YACxC,mEAAmE;YACnE,MAAM,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YAC7E,IAAI,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,GAAG,OAAO,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YAC1D,sFAAsF;YACtF,iFAAiF;YACjF,yFAAyF;YACzF,uFAAuF;YACvF,sEAAsE;YACtE,IAAI,eAAe,GAAG,KAAK,CAAC;YAC5B,IAAI,gBAAgB,GAAG,KAAK,CAAC;YAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC;YACrC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAClD,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;gBACvB,IAAI,CAAC,gBAAgB,IAAI,kEAAkE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvG,0FAA0F;oBAC1F,IAAI,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,GAAG,OAAO,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;oBACjD,YAAY,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC7B,IAAI,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,GAAG,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;oBAClD,gBAAgB,GAAG,IAAI,CAAC;oBACxB,YAAY,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC7B,MAAM;gBACR,CAAC;gBACD,IAAI,CAAC,eAAe,IAAI,oDAAoD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxF,oFAAoF;oBACpF,kCAAkC;oBAClC,IAAI,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,GAAG,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;oBAClD,eAAe,GAAG,IAAI,CAAC;oBACvB,YAAY,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC7B,SAAS;gBACX,CAAC;gBACD,YAAY,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/B,CAAC;YACD,IAAI,CAAC,gBAAgB;gBAAE,OAAO,CAAC,iDAAiD;QAClF,CAAC;gBAAS,CAAC;YACT,iDAAiD;YACjD,IAAI,CAAC;gBAAC,IAAI,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,GAAG,OAAO,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;YAC7E,IAAI,CAAC;gBAAC,IAAI,CAAC,CAAC,cAAc,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,+FAA+F;AAC/F,SAAS,kBAAkB,CAAC,IAAsE;IAChG,MAAM,IAAI,KAAK,CAAC,4GAA4G,CAAC,CAAC;AAChI,CAAC"}

package/dist/core/codexHookTrust.d.ts

@@ -0,0 +1,52 @@
+/**
+ * codexHookTrust — read/verify Codex's per-hook trust state for instar's
+ * project-scoped gate hooks. P0 of the codex-full-parity spec.
+ *
+ * WHY: Codex 0.133 runs a hook only if its content hash matches a `trusted_hash`
+ * entry in `$CODEX_HOME/config.toml [hooks.state]`. instar writes its gates to the
+ * agent's PROJECT `.codex/hooks.json`; the trust entries are keyed by that file's
+ * path (`<hooks.json-path>:<event>:<group>:<idx>`), so arming them only affects
+ * that agent's project — the operator's personal Codex (run from another cwd) never
+ * loads them (G2 verdict, spec §P0). A freshly-init'd Codex agent has these UNtrusted
+ * → its safety guards are dark until armed. This module is the read/verify half
+ * (idempotency + post-arm readback); the arming spawn lives in codexHookArm.
+ *
+ * No TOML dependency (instar deliberately avoids one — see mcpToolRegistry). The
+ * `[hooks.state]` block is simple enough to parse line-based for the specific
+ * project-path-keyed entries we care about.
+ */
+export interface CodexHookTrustEntry {
+    /** The full state key: `<hooks.json-path>:<event>:<group>:<idx>`. */
+    key: string;
+    /** `<event>:<group>:<idx>` portion (path-stripped). */
+    slot: string;
+    trustedHash: string | null;
+    /** Codex omits `enabled` when true; an explicit `enabled = false` disables the hook. */
+    enabled: boolean;
+}
+/**
+ * Parse the `[hooks.state]` entries from a `config.toml` body that belong to a
+ * specific hooks.json path. Returns one entry per `<event>:<group>:<idx>` slot.
+ *
+ * Matches the on-disk shape:
+ *   [hooks.state."/abs/.codex/hooks.json:stop:0:0"]
+ *   trusted_hash = "sha256:..."
+ *   enabled = false        # only present when disabled
+ */
+export declare function parseCodexHookTrust(configTomlBody: string, hooksJsonPath: string): CodexHookTrustEntry[];
+/**
+ * Idempotency check (F2): are ALL of the agent's project hooks trusted + enabled?
+ * `expectedSlots` is the set of `<event>:<group>:<idx>` slots instar wrote into the
+ * project hooks.json (derived from buildInstarCodexHookGroups). Returns the slots
+ * that still need arming (untrusted) and the ones explicitly disabled (enabled=false,
+ * which "trust all" does NOT clear — F3: never silently re-enable a user-disabled hook).
+ */
+export declare function codexHooksArmingStatus(configTomlBody: string, hooksJsonPath: string, expectedSlots: string[]): {
+    untrusted: string[];
+    disabled: string[];
+    allArmed: boolean;
+};
+export declare function expectedHookSlots(hooks: Record<string, Array<{
+    hooks?: unknown[];
+}>>): string[];
+//# sourceMappingURL=codexHookTrust.d.ts.map

package/dist/core/codexHookTrust.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"codexHookTrust.d.ts","sourceRoot":"","sources":["../../src/core/codexHookTrust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,WAAW,mBAAmB;IAClC,qEAAqE;IACrE,GAAG,EAAE,MAAM,CAAC;IACZ,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,wFAAwF;IACxF,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,EAAE,MAAM,EACtB,aAAa,EAAE,MAAM,GACpB,mBAAmB,EAAE,CA0BvB;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,cAAc,EAAE,MAAM,EACtB,aAAa,EAAE,MAAM,EACrB,aAAa,EAAE,MAAM,EAAE,GACtB;IAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,OAAO,CAAA;CAAE,CAchE;AAoBD,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;IAAE,KAAK,CAAC,EAAE,OAAO,EAAE,CAAA;CAAE,CAAC,CAAC,GAClD,MAAM,EAAE,CAaV"}

package/dist/core/codexHookTrust.js

@@ -0,0 +1,114 @@
+/**
+ * codexHookTrust — read/verify Codex's per-hook trust state for instar's
+ * project-scoped gate hooks. P0 of the codex-full-parity spec.
+ *
+ * WHY: Codex 0.133 runs a hook only if its content hash matches a `trusted_hash`
+ * entry in `$CODEX_HOME/config.toml [hooks.state]`. instar writes its gates to the
+ * agent's PROJECT `.codex/hooks.json`; the trust entries are keyed by that file's
+ * path (`<hooks.json-path>:<event>:<group>:<idx>`), so arming them only affects
+ * that agent's project — the operator's personal Codex (run from another cwd) never
+ * loads them (G2 verdict, spec §P0). A freshly-init'd Codex agent has these UNtrusted
+ * → its safety guards are dark until armed. This module is the read/verify half
+ * (idempotency + post-arm readback); the arming spawn lives in codexHookArm.
+ *
+ * No TOML dependency (instar deliberately avoids one — see mcpToolRegistry). The
+ * `[hooks.state]` block is simple enough to parse line-based for the specific
+ * project-path-keyed entries we care about.
+ */
+/**
+ * Parse the `[hooks.state]` entries from a `config.toml` body that belong to a
+ * specific hooks.json path. Returns one entry per `<event>:<group>:<idx>` slot.
+ *
+ * Matches the on-disk shape:
+ *   [hooks.state."/abs/.codex/hooks.json:stop:0:0"]
+ *   trusted_hash = "sha256:..."
+ *   enabled = false        # only present when disabled
+ */
+export function parseCodexHookTrust(configTomlBody, hooksJsonPath) {
+    const entries = [];
+    const lines = configTomlBody.split('\n');
+    // A hooks.state header looks like: [hooks.state."<key>"]
+    const headerRe = /^\s*\[hooks\.state\."(.+)"\]\s*$/;
+    for (let i = 0; i < lines.length; i++) {
+        const m = lines[i].match(headerRe);
+        if (!m)
+            continue;
+        const key = m[1];
+        // Only entries for THIS project's hooks.json path.
+        if (!key.startsWith(hooksJsonPath + ':'))
+            continue;
+        const slot = key.slice(hooksJsonPath.length + 1);
+        let trustedHash = null;
+        let enabled = true; // default: Codex omits the field when trusted+enabled
+        // Scan the block body until the next header or blank-separated section.
+        for (let j = i + 1; j < lines.length; j++) {
+            const line = lines[j];
+            if (headerRe.test(line) || /^\s*\[/.test(line))
+                break; // next table
+            const th = line.match(/^\s*trusted_hash\s*=\s*"([^"]*)"\s*$/);
+            if (th)
+                trustedHash = th[1];
+            const en = line.match(/^\s*enabled\s*=\s*(true|false)\s*$/);
+            if (en)
+                enabled = en[1] === 'true';
+        }
+        entries.push({ key, slot, trustedHash, enabled });
+    }
+    return entries;
+}
+/**
+ * Idempotency check (F2): are ALL of the agent's project hooks trusted + enabled?
+ * `expectedSlots` is the set of `<event>:<group>:<idx>` slots instar wrote into the
+ * project hooks.json (derived from buildInstarCodexHookGroups). Returns the slots
+ * that still need arming (untrusted) and the ones explicitly disabled (enabled=false,
+ * which "trust all" does NOT clear — F3: never silently re-enable a user-disabled hook).
+ */
+export function codexHooksArmingStatus(configTomlBody, hooksJsonPath, expectedSlots) {
+    const entries = parseCodexHookTrust(configTomlBody, hooksJsonPath);
+    const bySlot = new Map(entries.map((e) => [e.slot, e]));
+    const untrusted = [];
+    const disabled = [];
+    for (const slot of expectedSlots) {
+        const e = bySlot.get(slot);
+        if (!e || !e.trustedHash) {
+            untrusted.push(slot);
+        }
+        else if (!e.enabled) {
+            disabled.push(slot);
+        }
+    }
+    return { untrusted, disabled, allArmed: untrusted.length === 0 && disabled.length === 0 };
+}
+/**
+ * Derive the `<event>:<group>:<idx>` slots from a Codex hooks.json config object
+ * (the shape buildInstarCodexHookGroups produces). Codex lowercases+snake_cases the
+ * event for the state key (PreToolUse → pre_tool_use, etc.).
+ */
+const EVENT_TO_STATE_KEY = {
+    PreToolUse: 'pre_tool_use',
+    PermissionRequest: 'permission_request',
+    PostToolUse: 'post_tool_use',
+    PreCompact: 'pre_compact',
+    PostCompact: 'post_compact',
+    SessionStart: 'session_start',
+    UserPromptSubmit: 'user_prompt_submit',
+    SubagentStart: 'subagent_start',
+    SubagentStop: 'subagent_stop',
+    Stop: 'stop',
+};
+export function expectedHookSlots(hooks) {
+    const slots = [];
+    for (const [event, groups] of Object.entries(hooks)) {
+        const stateEvent = EVENT_TO_STATE_KEY[event];
+        if (!stateEvent)
+            continue;
+        (groups ?? []).forEach((group, groupIdx) => {
+            const count = Array.isArray(group.hooks) ? group.hooks.length : 0;
+            for (let hookIdx = 0; hookIdx < count; hookIdx++) {
+                slots.push(`${stateEvent}:${groupIdx}:${hookIdx}`);
+            }
+        });
+    }
+    return slots;
+}
+//# sourceMappingURL=codexHookTrust.js.map

package/dist/core/codexHookTrust.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codexHookTrust.js","sourceRoot":"","sources":["../../src/core/codexHookTrust.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAYH;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CACjC,cAAsB,EACtB,aAAqB;IAErB,MAAM,OAAO,GAA0B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACzC,yDAAyD;IACzD,MAAM,QAAQ,GAAG,kCAAkC,CAAC;IACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjB,mDAAmD;QACnD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,GAAG,GAAG,CAAC;YAAE,SAAS;QACnD,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjD,IAAI,WAAW,GAAkB,IAAI,CAAC;QACtC,IAAI,OAAO,GAAG,IAAI,CAAC,CAAC,sDAAsD;QAC1E,wEAAwE;QACxE,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,MAAM,CAAC,aAAa;YACpE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC9D,IAAI,EAAE;gBAAE,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;YAC5D,IAAI,EAAE;gBAAE,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,cAAsB,EACtB,aAAqB,EACrB,aAAuB;IAEvB,MAAM,OAAO,GAAG,mBAAmB,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACxD,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;aAAM,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;AAC5F,CAAC;AAED;;;;GAIG;AACH,MAAM,kBAAkB,GAA2B;IACjD,UAAU,EAAE,cAAc;IAC1B,iBAAiB,EAAE,oBAAoB;IACvC,WAAW,EAAE,eAAe;IAC5B,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,cAAc;IAC3B,YAAY,EAAE,eAAe;IAC7B,gBAAgB,EAAE,oBAAoB;IACtC,aAAa,EAAE,gBAAgB;IAC/B,YAAY,EAAE,eAAe;IAC7B,IAAI,EAAE,MAAM;CACb,CAAC;AAEF,MAAM,UAAU,iBAAiB,CAC/B,KAAmD;IAEnD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;YACzC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC;gBACjD,KAAK,CAAC,IAAI,CAAC,GAAG,UAAU,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC,CAAC;YACrD,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/core/installCodexHooks.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"installCodexHooks.d.ts","sourceRoot":"","sources":["../../src/core/installCodexHooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAKH,oFAAoF;AACpF,eAAO,MAAM,uBAAuB,0BAA0B,CAAC;AAE/D,UAAU,gBAAgB;IACxB,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AACD,UAAU,cAAc;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,gBAAgB,EAAE,CAAC;CAC3B;AAMD,2FAA2F;AAC3F,wBAAgB,0BAA0B,CACxC,UAAU,EAAE,MAAM,GACjB,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAiDlC;AAQD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAwB5D"}
+{"version":3,"file":"installCodexHooks.d.ts","sourceRoot":"","sources":["../../src/core/installCodexHooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAKH,oFAAoF;AACpF,eAAO,MAAM,uBAAuB,0BAA0B,CAAC;AAE/D,UAAU,gBAAgB;IACxB,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AACD,UAAU,cAAc;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,gBAAgB,EAAE,CAAC;CAC3B;AAMD,2FAA2F;AAC3F,wBAAgB,0BAA0B,CACxC,UAAU,EAAE,MAAM,GACjB,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAwDlC;AAQD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAwB5D"}

package/dist/core/installCodexHooks.js

@@ -54,26 +54,33 @@ export function buildInstarCodexHookGroups(projectDir) {
         // exec_command tool and blocks `rm -rf /`; with '*'/'' it did not fire at all).
         // Each script classifies and decides: dangerous-command-guard covers Codex's
         // native shell/exec_command (the main destructive surface); external-operation-gate
-        // covers mcp__* tools; grounding-before-messaging gates messaging commands. All
-        // read the command from Codex's stdin payload — Codex's exec_command puts it in
-        // tool_input.cmd (Claude uses tool_input.command); the scripts shim arg→stdin and
-        // accept both field names.
+        // covers mcp__* tools; grounding-before-messaging gates messaging commands;
+        // deferral-detector inspects messaging commands for false-blocker / orphan-TODO
+        // language (it is a PreToolUse hook on Claude too — NOT a Stop hook). All read the
+        // command from Codex's stdin payload — Codex's exec_command puts it in
+        // tool_input.cmd (Claude uses tool_input.command); the scripts accept both field
+        // names AND both tool names (Bash | exec_command).
         PreToolUse: [
-            { matcher: '.*', hooks: [sh('dangerous-command-guard.sh'), node('external-operation-gate.js'), sh('grounding-before-messaging.sh')] },
+            { matcher: '.*', hooks: [sh('dangerous-command-guard.sh'), node('external-operation-gate.js'), sh('grounding-before-messaging.sh'), node('deferral-detector.js')] },
         ],
         // Codex-only checkpoint. Routes to the same gate; the trust system
         // auto-decides (allow/deny) with NO human prompt so autonomy is preserved.
         PermissionRequest: [
             { matcher: '.*', hooks: [node('external-operation-gate.js')] },
         ],
-        // End-of-turn review: coherence/tone + deferral + scope-coherence checkpoint.
-        // All three are framework-neutral (read stdin, POST to the local server). Codex
-        // honors `{decision:"block", reason}` on Stop (verified in the 0.133 binary's
-        // StopCommandOutputWire) — the same grounding-pause semantics as Claude, NOT a
-        // hard termination. scope-coherence defaults to `approve` and self-throttles
-        // (depth threshold + 30-min cooldown), so it can't loop an autonomous Codex run.
+        // End-of-turn review trio — MUST MIRROR the Claude Stop trio
+        // (settings-template.json): response-review + claim-intercept-response +
+        // scope-coherence-checkpoint. (Earlier this wrongly substituted
+        // deferral-detector — a PreToolUse hook whose `tool_name==='Bash'` guard
+        // no-ops on a Stop payload; deferral-detector now lives on PreToolUse above,
+        // matching Claude.) All three are framework-neutral (read stdin, POST to the
+        // local server). Codex honors `{decision:"block", reason}` on Stop (verified
+        // in the 0.133 binary's StopCommandOutputWire) — the same grounding-pause
+        // semantics as Claude, NOT a hard termination. scope-coherence defaults to
+        // `approve` and self-throttles (depth threshold + 30-min cooldown), so it
+        // can't loop an autonomous Codex run.
         Stop: [
-            { matcher: '', hooks: [{ ...node('response-review.js'), timeout: 10000 }, node('deferral-detector.js'), node('scope-coherence-checkpoint.js')] },
+            { matcher: '', hooks: [{ ...node('response-review.js'), timeout: 10000 }, node('claim-intercept-response.js'), node('scope-coherence-checkpoint.js')] },
         ],
         // Identity/context injection.
         SessionStart: [

package/dist/core/installCodexHooks.js.map

@@ -1 +1 @@
-{"version":3,"file":"installCodexHooks.js","sourceRoot":"","sources":["../../src/core/installCodexHooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,oFAAoF;AACpF,MAAM,CAAC,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;AAgB/D,2FAA2F;AAC3F,MAAM,UAAU,0BAA0B,CACxC,UAAkB;IAElB,MAAM,IAAI,GAAG,CAAC,MAAc,EAAoB,EAAE,CAAC,CAAC;QAClD,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,EAAE,MAAM,CAAC,EAAE;QACzE,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IACH,MAAM,EAAE,GAAG,CAAC,MAAc,EAAoB,EAAE,CAAC,CAAC;QAChD,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,EAAE,MAAM,CAAC,EAAE;QACzE,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,OAAO;QACL,8EAA8E;QAC9E,0EAA0E;QAC1E,wEAAwE;QACxE,gFAAgF;QAChF,gFAAgF;QAChF,6EAA6E;QAC7E,oFAAoF;QACpF,gFAAgF;QAChF,gFAAgF;QAChF,kFAAkF;QAClF,2BAA2B;QAC3B,UAAU,EAAE;YACV,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,4BAA4B,CAAC,EAAE,IAAI,CAAC,4BAA4B,CAAC,EAAE,EAAE,CAAC,+BAA+B,CAAC,CAAC,EAAE;SACtI;QACD,mEAAmE;QACnE,2EAA2E;QAC3E,iBAAiB,EAAE;YACjB,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,EAAE;SAC/D;QACD,8EAA8E;QAC9E,gFAAgF;QAChF,8EAA8E;QAC9E,+EAA+E;QAC/E,6EAA6E;QAC7E,iFAAiF;QACjF,IAAI,EAAE;YACJ,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,oBAAoB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,CAAC,sBAAsB,CAAC,EAAE,IAAI,CAAC,+BAA+B,CAAC,CAAC,EAAE;SACjJ;QACD,8BAA8B;QAC9B,YAAY,EAAE;YACZ,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE;SACjD;QACD,gBAAgB,EAAE;YAChB,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,2BAA2B,CAAC,CAAC,EAAE;SAC1D;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAqB;IAC/C,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CACpF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACjD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,MAAM,GAAqB,EAAE,CAAC;IAClC,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;YAC/D,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;gBAAE,MAAM,GAAG,MAA0B,CAAC;QAChF,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;QACvD,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;IAEvD,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9E,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,CAAC,CAAC;IAClD,CAAC;IAED,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACpE,OAAO,SAAS,CAAC;AACnB,CAAC"}
+{"version":3,"file":"installCodexHooks.js","sourceRoot":"","sources":["../../src/core/installCodexHooks.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,oFAAoF;AACpF,MAAM,CAAC,MAAM,uBAAuB,GAAG,uBAAuB,CAAC;AAgB/D,2FAA2F;AAC3F,MAAM,UAAU,0BAA0B,CACxC,UAAkB;IAElB,MAAM,IAAI,GAAG,CAAC,MAAc,EAAoB,EAAE,CAAC,CAAC;QAClD,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,EAAE,MAAM,CAAC,EAAE;QACzE,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IACH,MAAM,EAAE,GAAG,CAAC,MAAc,EAAoB,EAAE,CAAC,CAAC;QAChD,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,EAAE,MAAM,CAAC,EAAE;QACzE,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,OAAO;QACL,8EAA8E;QAC9E,0EAA0E;QAC1E,wEAAwE;QACxE,gFAAgF;QAChF,gFAAgF;QAChF,6EAA6E;QAC7E,oFAAoF;QACpF,4EAA4E;QAC5E,gFAAgF;QAChF,mFAAmF;QACnF,uEAAuE;QACvE,iFAAiF;QACjF,mDAAmD;QACnD,UAAU,EAAE;YACV,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,4BAA4B,CAAC,EAAE,IAAI,CAAC,4BAA4B,CAAC,EAAE,EAAE,CAAC,+BAA+B,CAAC,EAAE,IAAI,CAAC,sBAAsB,CAAC,CAAC,EAAE;SACpK;QACD,mEAAmE;QACnE,2EAA2E;QAC3E,iBAAiB,EAAE;YACjB,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,EAAE;SAC/D;QACD,6DAA6D;QAC7D,yEAAyE;QACzE,gEAAgE;QAChE,yEAAyE;QACzE,6EAA6E;QAC7E,6EAA6E;QAC7E,6EAA6E;QAC7E,0EAA0E;QAC1E,2EAA2E;QAC3E,0EAA0E;QAC1E,sCAAsC;QACtC,IAAI,EAAE;YACJ,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,oBAAoB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,CAAC,6BAA6B,CAAC,EAAE,IAAI,CAAC,+BAA+B,CAAC,CAAC,EAAE;SACxJ;QACD,8BAA8B;QAC9B,YAAY,EAAE;YACZ,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,EAAE;SACjD;QACD,gBAAgB,EAAE;YAChB,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,2BAA2B,CAAC,CAAC,EAAE;SAC1D;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAqB;IAC/C,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CACpF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACjD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAEpD,IAAI,MAAM,GAAqB,EAAE,CAAC;IAClC,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;YAC/D,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;gBAAE,MAAM,GAAG,MAA0B,CAAC;QAChF,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;QACvD,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;IAEvD,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5D,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9E,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,YAAY,CAAC,CAAC;IAClD,CAAC;IAED,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACpE,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/core/types.d.ts

@@ -52,6 +52,10 @@ export interface Session {
      *  model id. Per-framework resolution happens in the headless/
      *  interactive launch builders, not at the session-state level. */
     model?: ModelTier | string;
+    /** The AI framework/engine powering this session. Carried so the dashboard
+     *  renders engine-aware (a Codex session must not display as a Claude one).
+     *  Populated at spawn from the resolved framework; undefined on legacy records. */
+    framework?: 'claude-code' | 'codex-cli';
     /** The initial prompt/instruction sent to the framework's CLI */
     prompt?: string;
     /** Maximum duration in minutes before the session is killed */