Merged
Conversation
added 2 commits
April 28, 2026 11:10
The managed PreToolUse hooks already block direct Write/Edit tools on protected branches, but Bash allowlisting could classify command names like cat or printf as read-only before accounting for shell output redirection. The guard now detects file-writing redirection first and keeps stderr-only diagnostics allowed.

Constraint: Protected main/dev edits must pivot into agent worktrees before file mutation
Rejected: Remove cat/echo/printf from the allowlist | harmless read-only diagnostics still need those commands
Confidence: high
Scope-risk: narrow
Directive: Check redirection before treating a Bash segment as read-only by command name
Tested: python3 -m py_compile .codex/hooks/skill_guard.py .claude/hooks/skill_guard.py
Tested: node --test --test-name-pattern "repo hook settings reference real local hook directories|repo skill guard blocks shell output redirect bypasses" test/setup.test.js
Tested: openspec validate agent-codex-block-shell-output-redirect-hook-bypass-2026-04-28-11-01 --type change --strict
Tested: openspec validate --specs
Not-tested: Full test/setup.test.js currently fails unrelated OpenSpec branch-start reuse assertion
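The redirect-before-allowlist ordering described in that commit, as an added illustration (this is not the project's `skill_guard.py` code). It assumes the caller has already split a compound command into pipeline/command segments, and it treats a redirect as harmless only when the target is another descriptor or /dev/null, so `2>err.log` still counts as a file write; the allowlist set is an assumed example, not the project's.

```python
import shlex

# Assumed read-only names for this example, not the project's actual allowlist.
READ_ONLY_COMMANDS = {"cat", "echo", "printf", "ls", "head", "tail", "grep"}

def has_file_write_redirect(segment: str) -> bool:
    """True if any output redirection targets a file; descriptor duplication or
    closing (2>&1, >&2, >&-) and /dev/null targets are exempt. Quotes are honoured."""
    quote = None
    i, n = 0, len(segment)
    while i < n:
        c = segment[i]
        if quote:
            if c == "\\" and quote == '"':
                i += 2                      # escaped char inside "..."
                continue
            if c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        elif c == "\\":
            i += 2                          # \> outside quotes is a literal
            continue
        elif c == ">":                      # covers >, >>, >|, 2>, &>, >&
            j = i + 1 + (i + 1 < n and segment[i + 1] in ">|")
            rest = segment[j:].lstrip()
            if rest.startswith("&"):        # >&N duplicates, >&- closes, >&file writes
                dup_target = rest[1:].lstrip()
                if not (dup_target[:1].isdigit() or dup_target.startswith("-")):
                    return True
            elif (rest.split(None, 1)[0].strip("'\"") if rest else "") != "/dev/null":
                return True                 # empty target also fails closed
            i = j
            continue
        i += 1
    return False

def is_read_only_segment(segment: str) -> bool:
    """Redirection is checked before the name allowlist, so `cat x > f` is never read-only."""
    if has_file_write_redirect(segment):
        return False
    try:
        words = shlex.split(segment)
    except ValueError:                      # unbalanced quotes: fail closed
        return False
    return bool(words) and words[0] in READ_ONLY_COMMANDS
```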
The hook guard fix is implemented and locally verified, but remote finish requires network approval. The cleanup checklist now records the exact blocked finish command and retry condition so the lane can resume without re-discovering state.

Constraint: Approval reviewer rejected network finish because usage limit is reached until 3:40 PM
Confidence: high
Scope-risk: narrow
Tested: git status shows only the blocker note before commit
Not-tested: Remote PR/merge/cleanup, blocked by approval quota
NagyVikt added a commit that referenced this pull request on Apr 28, 2026
The original hook-redirect branch merged successfully after the approval window reset, but its OpenSpec cleanup checklist still carried the prior usage-limit blocker. This records the PR, merge commit, and branch/worktree cleanup evidence so future resume paths do not reopen a completed lane.

Constraint: Original branch was already merged as PR #446 before cleanup evidence could be amended in-place
Rejected: Leave the blocker note in place | it would make a merged and cleaned lane look unfinished
Confidence: high
Scope-risk: narrow
Tested: openspec validate agent-codex-block-shell-output-redirect-hook-bypass-2026-04-28-11-01 --type change --strict
Tested: openspec validate --specs
Not-tested: Runtime hook behavior; bookkeeping-only change

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
Automated by gx branch finish (PR flow).