oh-my-customcodex 0.3.9 → 0.3.10

package/dist/cli/index.js

@@ -3091,7 +3091,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.3.9",
+    version: "0.3.10",
     description: "Batteries-included agent harness on top of GPT Codex + OMX",
     type: "module",
     bin: {

package/dist/index.js

@@ -2180,7 +2180,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.3.9",
+  version: "0.3.10",
   description: "Batteries-included agent harness on top of GPT Codex + OMX",
   type: "module",
   bin: {

package/package.json

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.3.9",
+  "version": "0.3.10",
   "description": "Batteries-included agent harness on top of GPT Codex + OMX",
   "type": "module",
   "bin": {

package/templates/.claude/hooks/hooks.json

@@ -83,14 +83,14 @@
         "description": "Schema-based tool input validation — Phase 1 advisory only"
       },
       {
-        "matcher": "tool == \"Bash\" && tool_input.command matches \"\\\\.claude/\"",
+        "matcher": "(tool == \"Bash\" && tool_input.command matches \"\\\\.claude/\") || ((tool == \"Write\" || tool == \"Edit\") && tool_input.file_path matches \"\\\\.claude/\")",
         "hooks": [
           {
             "type": "command",
             "command": "bash .codex/hooks/scripts/claude-sensitive-path-guard.sh"
           }
         ],
-        "description": "Block Bash writes into .claude/ sensitive paths before Claude Code permission prompts fire"
+        "description": "Block Bash/Write/Edit writes into .claude/ sensitive paths before Claude Code permission prompts fire"
       },
       {
         "matcher": "tool == \"Bash\"",

package/templates/.claude/hooks/scripts/claude-sensitive-path-guard.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Block Bash write operations targeting .claude/ sensitive paths.
+# Block tool write operations targeting .claude/ sensitive paths.
 # Claude Code can surface a sensitive-file permission prompt before allow rules
 # or bypassPermissions are evaluated, so fail fast before the command runs.
 
@@ -8,11 +8,15 @@ set -euo pipefail
 command -v jq >/dev/null 2>&1 || exit 0
 
 input=$(cat)
+tool=$(echo "$input" | jq -r '.tool // .tool_name // ""')
 cmd=$(echo "$input" | jq -r '.tool_input.command // ""')
+file_path=$(echo "$input" | jq -r '.tool_input.file_path // ""')
 
-if [ -z "$cmd" ]; then
-  echo "$input"
-  exit 0
+if [[ "$tool" =~ ^(Write|Edit)$ ]] && [[ "$file_path" =~ \.claude/ ]]; then
+  echo "[Hook] BLOCKED: $tool targeting .claude/ sensitive path" >&2
+  echo "[Hook] File: $file_path" >&2
+  echo "[Hook] Sensitive-path prompts can override allow rules. Use the repo's managed sync/update path or perform this change interactively." >&2
+  exit 2
 fi
 
 targets_claude=0
@@ -32,7 +36,7 @@ fi
 if [ "$targets_claude" -eq 1 ] && [ "$writes_claude" -eq 1 ]; then
   echo "[Hook] BLOCKED: Bash write targeting .claude/ sensitive path" >&2
   echo "[Hook] Command: $cmd" >&2
-  echo "[Hook] Use Write/Edit or the repo's managed sync/update path instead of Bash for .claude/ changes." >&2
+  echo "[Hook] Sensitive-path prompts can override allow rules. Use the repo's managed sync/update path or perform this change interactively." >&2
   exit 2
 fi
 

package/templates/.claude/rules/MUST-agent-design.md

@@ -235,6 +235,26 @@ Skills persist output to `.codex/outputs/sessions/{YYYY-MM-DD}/{skill-name}-{HHm
 **Rules**: Opt-in per skill, final subagent writes with a file-write API that creates missing parent directories (R010 compliance), do not pre-create session output directories with Bash, .codex/outputs/ is git-untracked, no indexing required.
 -->
 
+## Sensitive Path Handling
+
+Claude Code treats `.claude/` and `templates/.claude/` as sensitive directories across Bash, Write, and Edit operations. The sensitive-path check runs above `bypassPermissions` and explicit allow rules, so allow rules do not override the sensitive-path check.
+
+This Codex port uses `.codex/` as the active runtime surface, but packaged compatibility templates still live under `templates/.claude/`. Any automation that writes those templates must account for Claude Code permission prompts.
+
+| Path pattern | Sensitive in Claude Code? | Affected operations |
+|--------------|---------------------------|---------------------|
+| `.claude/**` | Yes | Bash writes, Write, Edit |
+| `templates/.claude/**` | Yes | Bash writes, Write, Edit |
+| `.codex/**` | No | Normal Codex runtime writes; still follow R010/R017 |
+| `.codex/outputs/**` and `.claude/outputs/**` | Treat as constrained artifact paths | Use file-write APIs that create parents; do not pre-create with Bash |
+
+Recommended practice:
+
+1. Prefer Write/Edit in an interactive session, or managed sync/update paths, over Bash copy/mkdir/tee writes for `.claude/` and `templates/.claude/`.
+2. Keep allow rules only as defensive documentation; do not rely on them to suppress sensitive-path prompts.
+3. Do not run unattended Claude Code release automation that writes `templates/.claude/**` unless the workflow can handle interactive approval.
+4. In this Codex port, update `.codex/...` source files and their `templates/.claude/...` mirrors deliberately instead of bulk-copying with shell commands.
+
 ## Separation of Concerns
 
 | Location | Purpose | Contains |

package/templates/manifest.json

@@ -1,6 +1,6 @@
 {
-  "version": "0.3.9",
-  "lastUpdated": "2026-04-24T08:45:48.000Z",
+  "version": "0.3.10",
+  "lastUpdated": "2026-04-24T09:10:47.000Z",
   "components": [
     {
       "name": "rules",