fix: enforce trusted-before-project ordering for hooks

[viyatb-oai]

Summary

• execute trust-sensitive hook events in tiers so non-project hooks run before project hooks for PreToolUse, SessionStart, and UserPromptSubmit
• preserve parallel execution within each trust tier, but skip lower-precedence project hooks once a higher-precedence hook blocks or stops processing
• keep trusted-project lookup stable on Windows by matching both raw and canonicalized absolute path keys when resolving project trust and active project config

Security

• closes the PreToolUse race where a project hook could observe or exfiltrate a tool invocation before a higher-precedence user or managed hook denied it
• closes the analogous prompt/session leak where project UserPromptSubmit or SessionStart hooks could observe prompt or startup data before a higher-precedence hook stopped processing
• makes the trust-gating regressions portable on Windows, where temp-path aliases and canonicalized paths can differ for the same trusted project

Stack

• Stacked on fix: trust-gate project hooks and exec policies #14718
• fix: trust-gate project hooks and exec policies #14718 closes the untrusted project-layer loading gap when .codex/hooks.json exists without .codex/config.toml
• this PR builds on that parent by enforcing trust precedence at hook execution time and by keeping the new trust-path behavior consistent across platforms

Test

• cargo test -p codex-hooks
• targeted codex-core regressions covering project hooks without config.toml
• cargo clippy -p codex-core -p codex-hooks --tests -- -D warnings
• cargo clippy -p codex-core --tests -- -D warnings

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9401e5ff84

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Resolve canonical trust-key collisions deterministically

project_trust_context canonicalizes each project key and then collects into a HashMap. If config contains two different keys that resolve to the same canonical path (e.g. symlink path vs real path) with conflicting trust_level, the later insert wins. Because HashMap iteration order is not stable, trust can flip between trusted/untrusted across runs, enabling or disabling project hooks/config unpredictably.

Useful? React with 👍 / 👎.