fix: eliminate security hook trigger patterns in /codex and /autoplan (#1329) #1506
Open
NikhileshNanduri wants to merge 2 commits into
…toplan (issue garrytan#1329)

Extracts the logic from gstack-codex-probe bash functions and the inline Python JSONL streaming parser into individually-executable binaries so skill templates can call them directly without triggering Claude Code PreToolUse security hooks.

New binaries (all in bin/):
- gstack-codex-auth-probe: multi-signal auth check (exit 0=ok, 1=failed)
- gstack-codex-version-check: warns on known-bad Codex CLI versions
- gstack-codex-log-event: telemetry emitter (reads config internally, no _TEL env)
- gstack-codex-log-hang: operational learning writer on codex timeout
- gstack-codex-timeout-wrapper: gtimeout/timeout/unwrapped fallback chain
- gstack-codex-jsonl-parser: Python script parsing codex --json streaming output with --mode challenge (completeness check) and --mode consult (SESSION_ID extract)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…an (issue garrytan#1329)

Pattern 1 — source with tilde path: Replace `source ~/.claude/skills/gstack/bin/gstack-codex-probe` + function calls with direct `~/.claude/skills/gstack/bin/gstack-codex-*` binary invocations in both codex/SKILL.md.tmpl and autoplan/SKILL.md.tmpl.

Pattern 3 — bare cd "$_REPO_ROOT": Replace bare `cd "$_REPO_ROOT"` lines with `-C "$_REPO_ROOT"` flag on codex commands (review bare path, exec custom path) and drop the cd entirely for exec resume (session context preserves directory; -C is not a supported flag for resume).

Pattern 4 — inline python3 -u -c with #-comments: Replace all three inline JSONL parser blocks (Challenge, Consult new-session, Consult resume) with pipe to `~/.claude/skills/gstack/bin/gstack-codex-jsonl-parser`.

Also regenerates .kiro/.cursor/.openclaw etc host-specific SKILL.md files via `bun run scripts/gen-skill-docs.ts --host all`.

Tests: 38 new tests in codex-hardening.test.ts guarding all three patterns and verifying standalone binary behaviour. Updated skill-validation.test.ts to check for the jsonl-parser binary instead of the old $PYTHON_CMD inline pattern.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary

Fixes the remaining 3 of 4 security hook trigger patterns from issue #1329. PR #1496 already shipped Pattern 2 (`eval` with tilde path via `gstack-paths --get`). This PR handles Patterns 1, 3, and 4.

Pattern 1 — `source` with tilde path (both templates):
- `source ~/.claude/skills/gstack/bin/gstack-codex-probe` → triggers PreToolUse hook on tilde-path source
- `~/.claude/skills/gstack/bin/gstack-codex-*` standalone binaries

Pattern 3 — bare `cd "$_REPO_ROOT"` (codex template only):
- `cd "$_REPO_ROOT"` line before codex commands triggers `cd + command` hook
- `-C "$_REPO_ROOT"` flag on codex commands; `git -C "$_REPO_ROOT" diff` for git commands; `codex exec resume` drops the `cd` entirely (session context preserves directory; `-C` is not a supported flag for resume)

Pattern 4 — inline python3 with `#`-comments (codex template only):
- `python3 -u -c "..."` blocks with Python-style comments trigger multi-line comment hook
- `~/.claude/skills/gstack/bin/gstack-codex-jsonl-parser --mode challenge|consult`

New files

- `bin/gstack-codex-auth-probe`
- `bin/gstack-codex-version-check`
- `bin/gstack-codex-log-event`
- `bin/gstack-codex-log-hang`
- `bin/gstack-codex-timeout-wrapper`
- `bin/gstack-codex-jsonl-parser`: `--json` output

Testing scenarios

Static validation (free, `bun test`)

Pattern guard tests — `test/codex-hardening.test.ts` adds 38 new tests:
- `source ~/.*gstack-codex-probe` in codex/autoplan templates and generated SKILL.md files
- `cd "$_REPO_ROOT"` as a top-level line in any of the 4 files
- `$PYTHON_CMD.*-u\s+-c\s+"` pattern (inline python) in any of the 4 files

Standalone binary tests — `test/codex-hardening.test.ts`:
- `bash -n`)
- `python3 -c "ast.parse(...)"`)
- `gstack-codex-auth-probe`: AUTH_OK on CODEX_API_KEY, AUTH_FAILED with no auth, AUTH_OK on auth.json
- `gstack-codex-timeout-wrapper`: executes directly without timeout binary, prefers gtimeout
- `gstack-codex-jsonl-parser`: extracts agent_message, SESSION_ID in consult mode, no SESSION_ID in challenge mode, disconnect warning in challenge mode, tokens from turn.completed, [codex thinking] for reasoning, [codex ran] for command_execution, tolerates malformed JSON

Updated skill-validation test — Python discovery test updated to check for `gstack-codex-jsonl-parser` binary invocation instead of old `$PYTHON_CMD` inline pattern

Full free suite: `bun test` passes with only the 2 pre-existing AGENTS.md/docs/skills.md doc-inventory failures (confirmed on clean main)

Verification command
🤖 Generated with Claude Code
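
The pattern guards listed under "Testing scenarios" can be pictured as a small regression lint over template text. The sketch below is an added example, not the PR's `codex-hardening.test.ts`: the three regexes follow the patterns quoted in the description, while the guard names, `scanTemplate`, the reading of "top-level line" as an unindented line holding only the `cd`, and both sample templates are assumptions constructed for illustration.

```typescript
// Added illustration; not code from the PR. Guard names are hypothetical.
interface Finding { pattern: string; line: number; text: string; }

const GUARDS: { name: string; re: RegExp }[] = [
  // Pattern 1: sourcing the probe library through a tilde path
  { name: "source-tilde-probe", re: /source\s+~\/.*gstack-codex-probe/ },
  // Pattern 3: bare `cd "$_REPO_ROOT"` alone on an unindented line (assumed meaning)
  { name: "bare-cd-repo-root", re: /^cd "\$_REPO_ROOT"\s*$/ },
  // Pattern 4: inline python started with `$PYTHON_CMD ... -u -c "`
  { name: "inline-python", re: /\$PYTHON_CMD.*-u\s+-c\s+"/ },
];

// Return every guarded pattern found in a template, with 1-based line numbers.
function scanTemplate(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split(/\r?\n/).forEach((raw: string, i: number) => {
    for (const g of GUARDS) {
      if (g.re.test(raw)) {
        findings.push({ pattern: g.name, line: i + 1, text: raw.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample: the shape of a template before the change.
const BEFORE: string = [
  'source ~/.claude/skills/gstack/bin/gstack-codex-probe',
  'cd "$_REPO_ROOT"',
  'git diff',
  'codex exec --json | $PYTHON_CMD -u -c "import sys, json"',
].join("\n");

// Constructed sample: the same steps written the way the PR describes.
const AFTER: string = [
  '~/.claude/skills/gstack/bin/gstack-codex-auth-probe',
  'git -C "$_REPO_ROOT" diff',
  'codex exec -C "$_REPO_ROOT" --json | ~/.claude/skills/gstack/bin/gstack-codex-jsonl-parser --mode challenge',
].join("\n");

for (const f of scanTemplate(BEFORE)) {
  console.log(f.pattern + " at line " + f.line + ": " + f.text);
}
console.log("findings after rewrite: " + scanTemplate(AFTER).length);
```
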