npm - oh-my-codex - Versions diffs - 0.18.11 → 0.18.13 - Mend

oh-my-codex 0.18.11 → 0.18.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (196) hide show

package/Cargo.lock +6 -6
package/Cargo.toml +1 -1
package/README.md +9 -1
package/dist/autopilot/__tests__/ralplan-gate.test.js +668 -0
package/dist/autopilot/__tests__/ralplan-gate.test.js.map +1 -1
package/dist/autopilot/completion-gate.d.ts +10 -0
package/dist/autopilot/completion-gate.d.ts.map +1 -0
package/dist/autopilot/completion-gate.js +154 -0
package/dist/autopilot/completion-gate.js.map +1 -0
package/dist/autopilot/ralplan-gate.d.ts.map +1 -1
package/dist/autopilot/ralplan-gate.js +42 -21
package/dist/autopilot/ralplan-gate.js.map +1 -1
package/dist/cli/__tests__/codex-plugin-layout.test.js +46 -3
package/dist/cli/__tests__/codex-plugin-layout.test.js.map +1 -1
package/dist/cli/__tests__/doctor-invalid-config.test.js +35 -0
package/dist/cli/__tests__/doctor-invalid-config.test.js.map +1 -1
package/dist/cli/__tests__/doctor-warning-copy.test.js +317 -0
package/dist/cli/__tests__/doctor-warning-copy.test.js.map +1 -1
package/dist/cli/__tests__/index.test.js +120 -2
package/dist/cli/__tests__/index.test.js.map +1 -1
package/dist/cli/__tests__/launch-fallback.test.js +1 -1
package/dist/cli/__tests__/launch-fallback.test.js.map +1 -1
package/dist/cli/__tests__/resume.test.js +217 -1
package/dist/cli/__tests__/resume.test.js.map +1 -1
package/dist/cli/__tests__/session-scoped-runtime.test.js +101 -0
package/dist/cli/__tests__/session-scoped-runtime.test.js.map +1 -1
package/dist/cli/__tests__/session-search-help.test.js +3 -2
package/dist/cli/__tests__/session-search-help.test.js.map +1 -1
package/dist/cli/__tests__/session-search.test.js +64 -2
package/dist/cli/__tests__/session-search.test.js.map +1 -1
package/dist/cli/__tests__/setup-agents-overwrite.test.js +289 -1
package/dist/cli/__tests__/setup-agents-overwrite.test.js.map +1 -1
package/dist/cli/__tests__/setup-install-mode.test.js +290 -17
package/dist/cli/__tests__/setup-install-mode.test.js.map +1 -1
package/dist/cli/__tests__/setup-prompts-overwrite.test.js +74 -0
package/dist/cli/__tests__/setup-prompts-overwrite.test.js.map +1 -1
package/dist/cli/__tests__/setup-scope.test.js +45 -0
package/dist/cli/__tests__/setup-scope.test.js.map +1 -1
package/dist/cli/__tests__/state.test.js +93 -0
package/dist/cli/__tests__/state.test.js.map +1 -1
package/dist/cli/__tests__/update.test.js +157 -3
package/dist/cli/__tests__/update.test.js.map +1 -1
package/dist/cli/__tests__/version-sync-contract.test.js +2 -0
package/dist/cli/__tests__/version-sync-contract.test.js.map +1 -1
package/dist/cli/doctor.d.ts.map +1 -1
package/dist/cli/doctor.js +90 -12
package/dist/cli/doctor.js.map +1 -1
package/dist/cli/index.d.ts +13 -4
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +439 -46
package/dist/cli/index.js.map +1 -1
package/dist/cli/project-runtime-codex-homes.d.ts +6 -0
package/dist/cli/project-runtime-codex-homes.d.ts.map +1 -0
package/dist/cli/project-runtime-codex-homes.js +27 -0
package/dist/cli/project-runtime-codex-homes.js.map +1 -0
package/dist/cli/session-search.d.ts.map +1 -1
package/dist/cli/session-search.js +8 -1
package/dist/cli/session-search.js.map +1 -1
package/dist/cli/setup.d.ts +2 -2
package/dist/cli/setup.d.ts.map +1 -1
package/dist/cli/setup.js +482 -126
package/dist/cli/setup.js.map +1 -1
package/dist/cli/state.d.ts.map +1 -1
package/dist/cli/state.js +79 -8
package/dist/cli/state.js.map +1 -1
package/dist/cli/update.d.ts +1 -0
package/dist/cli/update.d.ts.map +1 -1
package/dist/cli/update.js +42 -10
package/dist/cli/update.js.map +1 -1
package/dist/config/__tests__/codex-hooks.test.js +73 -29
package/dist/config/__tests__/codex-hooks.test.js.map +1 -1
package/dist/config/codex-hooks.d.ts +14 -0
package/dist/config/codex-hooks.d.ts.map +1 -1
package/dist/config/codex-hooks.js +54 -51
package/dist/config/codex-hooks.js.map +1 -1
package/dist/config/generator.d.ts +1 -1
package/dist/config/generator.d.ts.map +1 -1
package/dist/config/generator.js +1 -1
package/dist/config/generator.js.map +1 -1
package/dist/hooks/__tests__/best-practice-research-skill.test.js +12 -0
package/dist/hooks/__tests__/best-practice-research-skill.test.js.map +1 -1
package/dist/hud/__tests__/authority.test.js +45 -12
package/dist/hud/__tests__/authority.test.js.map +1 -1
package/dist/hud/__tests__/reconcile.test.js +95 -0
package/dist/hud/__tests__/reconcile.test.js.map +1 -1
package/dist/hud/__tests__/render.test.js +6 -6
package/dist/hud/__tests__/render.test.js.map +1 -1
package/dist/hud/__tests__/tmux.test.js +2 -2
package/dist/hud/__tests__/tmux.test.js.map +1 -1
package/dist/hud/authority.d.ts.map +1 -1
package/dist/hud/authority.js +17 -2
package/dist/hud/authority.js.map +1 -1
package/dist/hud/index.js +1 -4
package/dist/hud/index.js.map +1 -1
package/dist/hud/reconcile.d.ts.map +1 -1
package/dist/hud/reconcile.js +42 -0
package/dist/hud/reconcile.js.map +1 -1
package/dist/hud/render.d.ts.map +1 -1
package/dist/hud/render.js +6 -0
package/dist/hud/render.js.map +1 -1
package/dist/hud/tmux.d.ts.map +1 -1
package/dist/hud/tmux.js +5 -4
package/dist/hud/tmux.js.map +1 -1
package/dist/mcp/__tests__/bootstrap.test.js +31 -1
package/dist/mcp/__tests__/bootstrap.test.js.map +1 -1
package/dist/mcp/bootstrap.d.ts +1 -0
package/dist/mcp/bootstrap.d.ts.map +1 -1
package/dist/mcp/bootstrap.js +32 -0
package/dist/mcp/bootstrap.js.map +1 -1
package/dist/modes/__tests__/base-autopilot-gates.test.d.ts +2 -0
package/dist/modes/__tests__/base-autopilot-gates.test.d.ts.map +1 -0
package/dist/modes/__tests__/base-autopilot-gates.test.js +154 -0
package/dist/modes/__tests__/base-autopilot-gates.test.js.map +1 -0
package/dist/modes/base.d.ts +4 -1
package/dist/modes/base.d.ts.map +1 -1
package/dist/modes/base.js +71 -1
package/dist/modes/base.js.map +1 -1
package/dist/pipeline/__tests__/orchestrator.test.js +144 -3
package/dist/pipeline/__tests__/orchestrator.test.js.map +1 -1
package/dist/pipeline/__tests__/stages.test.js +109 -0
package/dist/pipeline/__tests__/stages.test.js.map +1 -1
package/dist/pipeline/orchestrator.d.ts.map +1 -1
package/dist/pipeline/orchestrator.js +11 -4
package/dist/pipeline/orchestrator.js.map +1 -1
package/dist/pipeline/stages/code-review.d.ts +2 -0
package/dist/pipeline/stages/code-review.d.ts.map +1 -1
package/dist/pipeline/stages/code-review.js +2 -0
package/dist/pipeline/stages/code-review.js.map +1 -1
package/dist/pipeline/stages/ultraqa.d.ts +3 -0
package/dist/pipeline/stages/ultraqa.d.ts.map +1 -1
package/dist/pipeline/stages/ultraqa.js +3 -0
package/dist/pipeline/stages/ultraqa.js.map +1 -1
package/dist/ralplan/__tests__/consensus-gate.test.d.ts +2 -0
package/dist/ralplan/__tests__/consensus-gate.test.d.ts.map +1 -0
package/dist/ralplan/__tests__/consensus-gate.test.js +631 -0
package/dist/ralplan/__tests__/consensus-gate.test.js.map +1 -0
package/dist/ralplan/consensus-gate.d.ts +9 -1
package/dist/ralplan/consensus-gate.d.ts.map +1 -1
package/dist/ralplan/consensus-gate.js +287 -65
package/dist/ralplan/consensus-gate.js.map +1 -1
package/dist/scripts/__tests__/codex-native-hook.test.js +481 -0
package/dist/scripts/__tests__/codex-native-hook.test.js.map +1 -1
package/dist/scripts/codex-native-hook.d.ts.map +1 -1
package/dist/scripts/codex-native-hook.js +145 -25
package/dist/scripts/codex-native-hook.js.map +1 -1
package/dist/scripts/codex-native-pre-post.d.ts +1 -0
package/dist/scripts/codex-native-pre-post.d.ts.map +1 -1
package/dist/scripts/codex-native-pre-post.js +130 -0
package/dist/scripts/codex-native-pre-post.js.map +1 -1
package/dist/session-history/__tests__/search.test.js +166 -0
package/dist/session-history/__tests__/search.test.js.map +1 -1
package/dist/session-history/search.d.ts +7 -0
package/dist/session-history/search.d.ts.map +1 -1
package/dist/session-history/search.js +83 -24
package/dist/session-history/search.js.map +1 -1
package/dist/sidecar/__tests__/collector.test.js +60 -0
package/dist/sidecar/__tests__/collector.test.js.map +1 -1
package/dist/sidecar/collector.d.ts.map +1 -1
package/dist/sidecar/collector.js +3 -6
package/dist/sidecar/collector.js.map +1 -1
package/dist/state/__tests__/operations.test.js +622 -0
package/dist/state/__tests__/operations.test.js.map +1 -1
package/dist/state/__tests__/skill-active.test.js +82 -0
package/dist/state/__tests__/skill-active.test.js.map +1 -1
package/dist/state/operations.d.ts.map +1 -1
package/dist/state/operations.js +31 -9
package/dist/state/operations.js.map +1 -1
package/dist/state/skill-active.d.ts.map +1 -1
package/dist/state/skill-active.js +41 -1
package/dist/state/skill-active.js.map +1 -1
package/dist/team/__tests__/runtime.test.js +81 -57
package/dist/team/__tests__/runtime.test.js.map +1 -1
package/dist/team/runtime.js +4 -4
package/dist/team/runtime.js.map +1 -1
package/dist/utils/__tests__/paths.test.js +23 -0
package/dist/utils/__tests__/paths.test.js.map +1 -1
package/dist/utils/__tests__/version.test.js +27 -0
package/dist/utils/__tests__/version.test.js.map +1 -1
package/dist/utils/paths.d.ts.map +1 -1
package/dist/utils/paths.js +4 -2
package/dist/utils/paths.js.map +1 -1
package/dist/utils/version.d.ts.map +1 -1
package/dist/utils/version.js +7 -2
package/dist/utils/version.js.map +1 -1
package/dist/verification/__tests__/ci-rust-gates.test.js +4 -2
package/dist/verification/__tests__/ci-rust-gates.test.js.map +1 -1
package/dist/verification/__tests__/dev-merge-issue-close-workflow.test.js +71 -3
package/dist/verification/__tests__/dev-merge-issue-close-workflow.test.js.map +1 -1
package/package.json +1 -1
package/plugins/oh-my-codex/.codex-plugin/plugin.json +1 -1
package/plugins/oh-my-codex/hooks/codex-native-hook.mjs +53 -2
package/plugins/oh-my-codex/skills/best-practice-research/SKILL.md +6 -1
package/skills/best-practice-research/SKILL.md +6 -1
package/src/scripts/__tests__/codex-native-hook.test.ts +615 -0
package/src/scripts/codex-native-hook.ts +162 -32
package/src/scripts/codex-native-pre-post.ts +137 -0

package/src/scripts/__tests__/codex-native-hook.test.ts CHANGED Viewed

@@ -1464,6 +1464,156 @@ describe("codex native hook dispatch", () => {
     }
   });
+  it("suppresses child-agent SessionStart and Stop before the canonical leader session is reconciled (#2831)", async () => {
+    const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-subagent-no-canonical-"));
+    const originalCodexHome = process.env.CODEX_HOME;
+    try {
+      process.env.CODEX_HOME = join(cwd, "codex-home");
+      await writeJson(join(process.env.CODEX_HOME, ".omx-config.json"), {
+        notifications: {
+          enabled: true,
+          verbosity: "session",
+          telegram: { enabled: true, botToken: "123:abc", chatId: "456" },
+        },
+      });
+      const stateDir = join(cwd, ".omx", "state");
+      const leaderNativeSessionId = "codex-leader-thread-no-canonical";
+      const childNativeSessionId = "codex-child-thread-no-canonical";
+      await mkdir(join(cwd, ".omx", "hooks"), { recursive: true });
+      await writeFile(
+        join(cwd, ".omx", "hooks", "record-lifecycle.mjs"),
+        [
+          "import { appendFileSync } from 'node:fs';",
+          "export async function onHookEvent(event) {",
+          "  appendFileSync('hook-events.jsonl', `${JSON.stringify({ event: event.event })}\\n`);",
+          "}",
+        ].join("\n"),
+      );
+      const transcriptPath = join(cwd, "no-canonical-subagent-rollout.jsonl");
+      await writeFile(
+        transcriptPath,
+        `${JSON.stringify({
+          type: "session_meta",
+          payload: {
+            id: childNativeSessionId,
+            source: {
+              subagent: {
+                thread_spawn: {
+                  parent_thread_id: leaderNativeSessionId,
+                  agent_role: "explorer",
+                },
+              },
+            },
+          },
+        })}\n`,
+      );
+      await dispatchCodexNativeHook(
+        {
+          hook_event_name: "SessionStart",
+          cwd,
+          session_id: childNativeSessionId,
+          transcript_path: transcriptPath,
+        },
+        { cwd, sessionOwnerPid: process.pid },
+      );
+      assert.equal(
+        existsSync(join(cwd, "hook-events.jsonl")),
+        false,
+        "child SessionStart must be suppressed even before the canonical leader session is reconciled",
+      );
+      assert.equal(
+        existsSync(join(stateDir, "session.json")),
+        false,
+        "child SessionStart must not be promoted into a root/leader session",
+      );
+      const tracking = JSON.parse(
+        await readFile(join(stateDir, "subagent-tracking.json"), "utf-8"),
+      ) as {
+        sessions?: Record<string, {
+          leader_thread_id?: string;
+          threads?: Record<string, { kind?: string; mode?: string }>;
+        }>;
+      };
+      assert.equal(tracking.sessions?.[leaderNativeSessionId]?.leader_thread_id, leaderNativeSessionId);
+      assert.equal(tracking.sessions?.[leaderNativeSessionId]?.threads?.[childNativeSessionId]?.kind, "subagent");
+      await dispatchCodexNativeHook(
+        {
+          hook_event_name: "Stop",
+          cwd,
+          session_id: childNativeSessionId,
+          thread_id: childNativeSessionId,
+          turn_id: "no-canonical-child-stop-turn",
+        },
+        { cwd },
+      );
+      assert.equal(
+        existsSync(join(cwd, "hook-events.jsonl")),
+        false,
+        "child Stop must be suppressed when the start was recognized as subagent-scoped",
+      );
+    } finally {
+      if (originalCodexHome === undefined) {
+        delete process.env.CODEX_HOME;
+      } else {
+        process.env.CODEX_HOME = originalCodexHome;
+      }
+      await rm(cwd, { recursive: true, force: true });
+    }
+  });
+  it("preserves root/leader SessionStart dispatch at session verbosity (#2831)", async () => {
+    const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-root-session-start-preserved-"));
+    const originalCodexHome = process.env.CODEX_HOME;
+    try {
+      process.env.CODEX_HOME = join(cwd, "codex-home");
+      await writeJson(join(process.env.CODEX_HOME, ".omx-config.json"), {
+        notifications: {
+          enabled: true,
+          verbosity: "session",
+          telegram: { enabled: true, botToken: "123:abc", chatId: "456" },
+        },
+      });
+      await mkdir(join(cwd, ".omx", "hooks"), { recursive: true });
+      await writeFile(
+        join(cwd, ".omx", "hooks", "record-lifecycle.mjs"),
+        [
+          "import { appendFileSync } from 'node:fs';",
+          "export async function onHookEvent(event) {",
+          "  appendFileSync('hook-events.jsonl', `${JSON.stringify({ event: event.event })}\\n`);",
+          "}",
+        ].join("\n"),
+      );
+      await dispatchCodexNativeHook(
+        {
+          hook_event_name: "SessionStart",
+          cwd,
+          session_id: "codex-root-thread-preserved",
+        },
+        { cwd, sessionOwnerPid: process.pid },
+      );
+      const hookEvents = await readFile(join(cwd, "hook-events.jsonl"), "utf-8");
+      assert.match(
+        hookEvents,
+        /"event":"session-start"/,
+        "root/leader SessionStart must still dispatch at session verbosity",
+      );
+    } finally {
+      if (originalCodexHome === undefined) {
+        delete process.env.CODEX_HOME;
+      } else {
+        process.env.CODEX_HOME = originalCodexHome;
+      }
+      await rm(cwd, { recursive: true, force: true });
+    }
+  });
   it("keeps a self-parented native role thread as subagent evidence", async () => {
     const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-self-parented-subagent-"));
     try {
@@ -5903,6 +6053,414 @@ exit 0
     }
   });
+  it("allows read-only diagnostics mentioning apply_patch while deep-interview blocks real apply_patch invocations", async () => {
+    const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-pretool-deep-interview-grep-apply-patch-"));
+    try {
+      const stateDir = join(cwd, ".omx", "state");
+      const sessionDir = join(stateDir, "sessions", "sess-di-grep");
+      await mkdir(sessionDir, { recursive: true });
+      await writeJson(join(stateDir, "session.json"), { session_id: "sess-di-grep", cwd });
+      await writeJson(join(sessionDir, "skill-active-state.json"), {
+        version: 1,
+        active: true,
+        skill: "deep-interview",
+        phase: "planning",
+        session_id: "sess-di-grep",
+        active_skills: [{ skill: "deep-interview", phase: "planning", active: true, session_id: "sess-di-grep" }],
+      });
+      await writeJson(join(sessionDir, "deep-interview-state.json"), {
+        active: true,
+        mode: "deep-interview",
+        current_phase: "intent-first",
+        session_id: "sess-di-grep",
+      });
+      const allowedGrep = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-grep",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-grep",
+          tool_input: { command: 'grep -n "apply_patch" dist/scripts/codex-native-hook.js' },
+        },
+        { cwd },
+      );
+      assert.equal(allowedGrep.outputJson, null);
+      const allowedSubshellGrep = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-grep",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-grep-subshell",
+          tool_input: { command: '(grep -n "apply_patch" dist/scripts/codex-native-hook.js)' },
+        },
+        { cwd },
+      );
+      assert.equal(allowedSubshellGrep.outputJson, null);
+      // Double-quoted spans that merely mention the literal token, expand a
+      // parameter, or run a substitution that is not `apply_patch` stay allowed
+      // — the quoted-substitution fix must not over-block read-only diagnostics.
+      const allowedQuotedMention = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-grep",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-grep-quoted-mention",
+          tool_input: { command: 'echo "${apply_patch} $(echo apply_patch)"' },
+        },
+        { cwd },
+      );
+      assert.equal(allowedQuotedMention.outputJson, null);
+      const blockedApplyPatch = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-grep",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-apply-patch-invoke",
+          tool_input: { command: "apply_patch <<'EOF'\n*** Begin Patch\n*** Add File: src/leak.ts\n+export const x = 1;\n*** End Patch\nEOF" },
+        },
+        { cwd },
+      );
+      assert.equal((blockedApplyPatch.outputJson as { decision?: string } | null)?.decision, "block");
+      const blockedEnvAssignmentApplyPatch = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-grep",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-apply-patch-env-assignment",
+          tool_input: { command: "FOO=bar apply_patch <<'EOF'\n*** Begin Patch\n*** Add File: src/leak.ts\n+export const x = 1;\n*** End Patch\nEOF" },
+        },
+        { cwd },
+      );
+      assert.equal((blockedEnvAssignmentApplyPatch.outputJson as { decision?: string } | null)?.decision, "block");
+      const blockedEnvWrapperApplyPatch = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-grep",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-apply-patch-env-wrapper",
+          tool_input: { command: "env FOO=bar apply_patch <<'EOF'\n*** Begin Patch\n*** Add File: src/leak.ts\n+export const x = 1;\n*** End Patch\nEOF" },
+        },
+        { cwd },
+      );
+      assert.equal((blockedEnvWrapperApplyPatch.outputJson as { decision?: string } | null)?.decision, "block");
+      const heredocBody = "\n*** Begin Patch\n*** Add File: src/leak.ts\n+export const x = 1;\n*** End Patch\nEOF";
+      const blockedRealApplyPatchForms: Array<{ id: string; command: string }> = [
+        { id: "tool-di-apply-patch-env-i", command: `env -i apply_patch <<'EOF'${heredocBody}` },
+        { id: "tool-di-apply-patch-env-unset", command: `env -u FOO apply_patch <<'EOF'${heredocBody}` },
+        { id: "tool-di-apply-patch-env-i-assignment", command: `env -i FOO=bar apply_patch <<'EOF'${heredocBody}` },
+        { id: "tool-di-apply-patch-assignment-env", command: `FOO=bar env apply_patch <<'EOF'${heredocBody}` },
+        { id: "tool-di-apply-patch-exec-env-assignment", command: `exec env FOO=bar apply_patch <<'EOF'${heredocBody}` },
+        { id: "tool-di-apply-patch-absolute-path", command: `/usr/bin/apply_patch <<'EOF'${heredocBody}` },
+        { id: "tool-di-apply-patch-relative-path", command: `./apply_patch <<'EOF'${heredocBody}` },
+        { id: "tool-di-apply-patch-subshell", command: `(apply_patch <<'EOF'${heredocBody}\n)` },
+        { id: "tool-di-apply-patch-subshell-spaced", command: `( apply_patch <<'EOF'${heredocBody}\n)` },
+        { id: "tool-di-apply-patch-double-subshell", command: `((apply_patch <<'EOF'${heredocBody}\n))` },
+        { id: "tool-di-apply-patch-pipe-subshell", command: `true | (apply_patch <<'EOF'${heredocBody}\n)` },
+        { id: "tool-di-apply-patch-subshell-env", command: `(env apply_patch <<'EOF'${heredocBody}\n)` },
+        { id: "tool-di-apply-patch-command-substitution", command: `x=$(apply_patch <<'EOF'${heredocBody}\n)` },
+        { id: "tool-di-apply-patch-brace-group", command: `{ apply_patch <<'EOF'${heredocBody}\n}` },
+        // Command substitution runs even inside double quotes, so quoting the
+        // already-blocked `$(…)` / `` `…` `` form must not bypass the guard.
+        { id: "tool-di-apply-patch-quoted-command-substitution", command: `echo "$(apply_patch <<'EOF'${heredocBody}\n)"` },
+        { id: "tool-di-apply-patch-quoted-backtick", command: `echo "\`apply_patch <<'EOF'${heredocBody}\`"` },
+        { id: "tool-di-apply-patch-quoted-command-substitution-prefixed", command: `echo "patched: $(apply_patch <<'EOF'${heredocBody}\n) done"` },
+      ];
+      for (const form of blockedRealApplyPatchForms) {
+        const blockedForm = await dispatchCodexNativeHook(
+          {
+            hook_event_name: "PreToolUse",
+            cwd,
+            session_id: "sess-di-grep",
+            tool_name: "Bash",
+            tool_use_id: form.id,
+            tool_input: { command: form.command },
+          },
+          { cwd },
+        );
+        assert.equal(
+          (blockedForm.outputJson as { decision?: string } | null)?.decision,
+          "block",
+          `expected deep-interview to block real apply_patch form: ${form.command}`,
+        );
+      }
+    } finally {
+      await rm(cwd, { recursive: true, force: true });
+    }
+  });
+  it("allows deep-interview same-command literal variable redirects to artifacts while blocking variable redirects outside them", async () => {
+    const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-pretool-deep-interview-var-redirect-"));
+    try {
+      const stateDir = join(cwd, ".omx", "state");
+      const sessionDir = join(stateDir, "sessions", "sess-di-var-redirect");
+      await mkdir(sessionDir, { recursive: true });
+      await writeJson(join(stateDir, "session.json"), { session_id: "sess-di-var-redirect", cwd });
+      await writeJson(join(sessionDir, "skill-active-state.json"), {
+        version: 1,
+        active: true,
+        skill: "deep-interview",
+        phase: "planning",
+        session_id: "sess-di-var-redirect",
+        active_skills: [{ skill: "deep-interview", phase: "planning", active: true, session_id: "sess-di-var-redirect" }],
+      });
+      await writeJson(join(sessionDir, "deep-interview-state.json"), {
+        active: true,
+        mode: "deep-interview",
+        current_phase: "intent-first",
+        session_id: "sess-di-var-redirect",
+      });
+      const allowedVarRedirect = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-var-redirect",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-var-redirect-allow",
+          tool_input: { command: 'SNAP=".omx/context/example.md"\ncat > "$SNAP" <<\'EOF\'\ncontent\nEOF' },
+        },
+        { cwd },
+      );
+      assert.equal(allowedVarRedirect.outputJson, null);
+      const blockedVarRedirect = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-var-redirect",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-var-redirect-block",
+          tool_input: { command: 'SNAP="src/leak.ts"\ncat > "$SNAP" <<\'EOF\'\ncontent\nEOF' },
+        },
+        { cwd },
+      );
+      assert.equal((blockedVarRedirect.outputJson as { decision?: string } | null)?.decision, "block");
+      const blockedUnresolvedVarRedirect = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-var-redirect",
+          tool_name: "Bash",
+          tool_use_id: "tool-di-var-redirect-unresolved",
+          tool_input: { command: 'cat > "$SNAP" <<\'EOF\'\ncontent\nEOF' },
+        },
+        { cwd },
+      );
+      assert.equal((blockedUnresolvedVarRedirect.outputJson as { decision?: string } | null)?.decision, "block");
+    } finally {
+      await rm(cwd, { recursive: true, force: true });
+    }
+  });
+  it("allows deep-interview apply_patch artifact writes from freeform patch text while blocking outside paths", async () => {
+    const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-pretool-deep-interview-apply-patch-"));
+    try {
+      const stateDir = join(cwd, ".omx", "state");
+      const sessionDir = join(stateDir, "sessions", "sess-di-apply-patch");
+      await mkdir(sessionDir, { recursive: true });
+      await writeJson(join(stateDir, "session.json"), { session_id: "sess-di-apply-patch", cwd });
+      await writeJson(join(sessionDir, "skill-active-state.json"), {
+        version: 1,
+        active: true,
+        skill: "deep-interview",
+        phase: "planning",
+        session_id: "sess-di-apply-patch",
+        active_skills: [{ skill: "deep-interview", phase: "planning", active: true, session_id: "sess-di-apply-patch" }],
+      });
+      await writeJson(join(sessionDir, "deep-interview-state.json"), {
+        active: true,
+        mode: "deep-interview",
+        current_phase: "intent-first",
+        session_id: "sess-di-apply-patch",
+      });
+      const allowedAddFile = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-apply-patch",
+          tool_name: "apply_patch",
+          tool_use_id: "tool-di-apply-patch-add",
+          tool_input: {
+            input: "*** Begin Patch\n*** Add File: .omx/context/findings.md\n+# Findings\n*** End Patch\n",
+          },
+        },
+        { cwd },
+      );
+      assert.equal(allowedAddFile.outputJson, null);
+      const allowedUpdateFile = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-apply-patch",
+          tool_name: "ApplyPatch",
+          tool_use_id: "tool-di-apply-patch-update",
+          tool_input: {
+            input: "*** Begin Patch\n*** Update File: .omx/specs/deep-interview-demo.md\n@@\n-old\n+new\n*** End Patch\n",
+          },
+        },
+        { cwd },
+      );
+      assert.equal(allowedUpdateFile.outputJson, null);
+      const allowedStateWrite = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-apply-patch",
+          tool_name: "apply_patch",
+          tool_use_id: "tool-di-apply-patch-state",
+          tool_input: {
+            input: "*** Begin Patch\n*** Add File: .omx/state/deep-interview-notes.json\n+{}\n*** End Patch\n",
+          },
+        },
+        { cwd },
+      );
+      assert.equal(allowedStateWrite.outputJson, null);
+      const blockedOutsidePath = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-apply-patch",
+          tool_name: "apply_patch",
+          tool_use_id: "tool-di-apply-patch-outside",
+          tool_input: {
+            input: "*** Begin Patch\n*** Add File: src/implementation.ts\n+export const x = 1;\n*** End Patch\n",
+          },
+        },
+        { cwd },
+      );
+      assert.equal((blockedOutsidePath.outputJson as { decision?: string } | null)?.decision, "block");
+      assert.match(String((blockedOutsidePath.outputJson as { reason?: string } | null)?.reason ?? ""), /Deep-interview is active/);
+      const blockedMixedPaths = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-apply-patch",
+          tool_name: "apply_patch",
+          tool_use_id: "tool-di-apply-patch-mixed",
+          tool_input: {
+            input: "*** Begin Patch\n*** Add File: .omx/context/ok.md\n+ok\n*** Add File: src/leak.ts\n+leak\n*** End Patch\n",
+          },
+        },
+        { cwd },
+      );
+      assert.equal((blockedMixedPaths.outputJson as { decision?: string } | null)?.decision, "block");
+      const blockedUnparseablePatch = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-di-apply-patch",
+          tool_name: "apply_patch",
+          tool_use_id: "tool-di-apply-patch-empty",
+          tool_input: { input: "not a recognizable patch" },
+        },
+        { cwd },
+      );
+      assert.equal((blockedUnparseablePatch.outputJson as { decision?: string } | null)?.decision, "block");
+    } finally {
+      await rm(cwd, { recursive: true, force: true });
+    }
+  });
+  it("allows Autopilot ralplan planning artifacts while blocking implementation writes", async () => {
+    const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-pretool-autopilot-ralplan-artifact-"));
+    try {
+      const stateDir = join(cwd, ".omx", "state");
+      const sessionDir = join(stateDir, "sessions", "sess-autopilot-ralplan-artifact");
+      await mkdir(sessionDir, { recursive: true });
+      await writeJson(join(stateDir, "session.json"), { session_id: "sess-autopilot-ralplan-artifact", cwd });
+      await writeJson(join(sessionDir, "skill-active-state.json"), {
+        version: 1,
+        active: true,
+        skill: "autopilot",
+        phase: "ralplan",
+        session_id: "sess-autopilot-ralplan-artifact",
+        thread_id: "thread-autopilot-ralplan-artifact",
+        active_skills: [
+          {
+            skill: "autopilot",
+            phase: "ralplan",
+            active: true,
+            session_id: "sess-autopilot-ralplan-artifact",
+            thread_id: "thread-autopilot-ralplan-artifact",
+          },
+        ],
+      });
+      await writeJson(join(sessionDir, "autopilot-state.json"), {
+        active: true,
+        mode: "autopilot",
+        current_phase: "ralplan",
+        session_id: "sess-autopilot-ralplan-artifact",
+        thread_id: "thread-autopilot-ralplan-artifact",
+      });
+      const allowedPlanWrite = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-autopilot-ralplan-artifact",
+          thread_id: "thread-autopilot-ralplan-artifact",
+          tool_name: "Write",
+          tool_use_id: "tool-autopilot-ralplan-plan-write",
+          tool_input: { file_path: ".omx/plans/prd-omx-y7a.md", content: "# Plan" },
+        },
+        { cwd },
+      );
+      assert.equal(allowedPlanWrite.outputJson, null);
+      const allowedSpecEdit = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-autopilot-ralplan-artifact",
+          thread_id: "thread-autopilot-ralplan-artifact",
+          tool_name: "Edit",
+          tool_use_id: "tool-autopilot-ralplan-spec-edit",
+          tool_input: { file_path: ".omx/specs/omx-y7a.md", old_string: "old", new_string: "new" },
+        },
+        { cwd },
+      );
+      assert.equal(allowedSpecEdit.outputJson, null);
+      const blockedImplementationEdit = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: "sess-autopilot-ralplan-artifact",
+          thread_id: "thread-autopilot-ralplan-artifact",
+          tool_name: "Edit",
+          tool_use_id: "tool-autopilot-ralplan-src-edit",
+          tool_input: { file_path: "src/implementation.ts", old_string: "a", new_string: "b" },
+        },
+        { cwd },
+      );
+      assert.equal((blockedImplementationEdit.outputJson as { decision?: string } | null)?.decision, "block");
+      assert.match(String((blockedImplementationEdit.outputJson as { reason?: string } | null)?.reason ?? ""), /src\/implementation\.ts/);
+      assert.match(String((blockedImplementationEdit.outputJson as { reason?: string } | null)?.reason ?? ""), /not under allowed planning artifact paths/);
+    } finally {
+      await rm(cwd, { recursive: true, force: true });
+    }
+  });
   it("allows null-device fd redirects while deep-interview blocks real Bash writes", async () => {
     const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-pretool-deep-interview-null-redirect-"));
     try {
@@ -14121,6 +14679,63 @@ exit 0
     }
   });
+  it("blocks implementation writes while Autopilot is supervising deep-interview without a persisted phase transition", async () => {
+    const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-autopilot-deep-interview-pretool-block-"));
+    try {
+      const stateDir = join(cwd, ".omx", "state");
+      const sessionId = "sess-autopilot-deep-interview-pretool-block";
+      await mkdir(join(stateDir, "sessions", sessionId), { recursive: true });
+      await writeJson(join(stateDir, "session.json"), { session_id: sessionId });
+      await writeJson(join(stateDir, "sessions", sessionId, "skill-active-state.json"), {
+        active: true,
+        skill: "autopilot",
+        phase: "deep-interview",
+        session_id: sessionId,
+        active_skills: [{ skill: "autopilot", phase: "deep-interview", active: true, session_id: sessionId }],
+      });
+      await writeJson(join(stateDir, "sessions", sessionId, "autopilot-state.json"), {
+        active: true,
+        mode: "autopilot",
+        current_phase: "deep-interview",
+        session_id: sessionId,
+        handoff_artifacts: {
+          deep_interview: null,
+          ralplan: null,
+          ultragoal: null,
+          code_review: null,
+          ultraqa: null,
+        },
+        ralplan_consensus_gate: {
+          ralplan_architect_review: null,
+          ralplan_critic_review: null,
+          complete: false,
+        },
+      });
+      const result = await dispatchCodexNativeHook(
+        {
+          hook_event_name: "PreToolUse",
+          cwd,
+          session_id: sessionId,
+          thread_id: "thread-autopilot-deep-interview-pretool-block",
+          tool_name: "Edit",
+          tool_input: { file_path: "src/runtime.ts", old_string: "a", new_string: "b" },
+        },
+        { cwd },
+      );
+      assert.equal(result.omxEventName, "pre-tool-use");
+      assert.equal(result.outputJson?.decision, "block");
+      assert.match(String(result.outputJson?.reason ?? ""), /Deep-interview is active .*implementation\/write tools are blocked/i);
+      assert.match(
+        String((result.outputJson?.hookSpecificOutput as { additionalContext?: string } | undefined)?.additionalContext ?? ""),
+        /To implement, first ask for or process an explicit transition/i,
+      );
+    } finally {
+      await rm(cwd, { recursive: true, force: true });
+    }
+  });
   it("blocks implementation writes while Autopilot is supervising ralplan without handoff", async () => {
     const cwd = await mkdtemp(join(tmpdir(), "omx-native-hook-autopilot-ralplan-pretool-block-"));
     try {