What changed
One-shot sessions that merely share a working directory with an active plan (a CI review bot run via codex exec, a read-only research agent, a nested orchestrator) were hijacked by the hooks: plan context injected, the actual output redirected into progress.md, and a fabricated completed phase appended to task_plan.md (#195, reported by @marcmuon).
v3.4.0 adds a documented per-invocation opt-out:
PLANNING_DISABLED=1 codex exec -o review.md '$code-review review this branch'With the variable set, every hook exits before reading the plan: no context injection, no follow-up messages, no plan-file writes. PreToolUse still emits its allow decision so tool calls proceed normally. The guard covers all Codex hook entry points, the Python adapter route, the canonical Claude Code dispatchers (inject-plan.sh, gate-stop.sh, check-complete.sh/.ps1), and ships in every distributed copy including the five language variants.
Also corrected docs/codex.md, which still described the pre-v3.1.0 blocking Stop hook. The decision: block half of #195 was already fixed in v3.1.0; the reporter was on a v2.41.0 bundle shipped by oh-my-codex.
Verification
- Python suite: 200 passed, 5 skipped, 0 failed (12 new opt-out tests)
- Functional smoke test on a live temp plan: with the variable set, no hook output, tool calls still allowed, plan files byte-for-byte unchanged
- scripts/sync-ide-folders.py --verify: all IDE folders in sync