feat(hooks): add Codex deny-retry hook

[BjornMelin]

Summary

Adds official Codex CLI hook support for RTK.

• adds rtk hook codex for Codex PreToolUse JSON
• updates rtk init --codex to write hooks.json and enable [features].codex_hooks = true
• keeps AGENTS.md + RTK.md awareness guidance
• adds uninstall/show support for Codex hooks/config state
• documents why Codex uses deny-with-suggestion instead of transparent updatedInput

Closes #1003.

Codex hook behavior

Codex currently parses updatedInput in PreToolUse hook output but does not apply it in practice. This PR uses the working path instead:

git status --short
=> denied with: Rerun that as: rtk git status --short
=> Codex retries: rtk git status --short

The installed hooks.json command is portable:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "rtk hook codex",
            "statusMessage": "Checking RTK rewrite"
          }
        ]
      }
    ]
  }
}

Validation

• cargo fmt --all
• cargo test codex -- --nocapture
• cargo test --all
• cargo clippy --all-targets
• temp-home smoke test: HOME=$(mktemp -d) ./target/debug/rtk init -g --codex
• direct hook smoke: raw git status returns Codex deny payload with Rerun that as: rtk git status
• direct hook smoke: already-RTK command emits no output
• live Codex smoke: nested Codex blocked git status --short, surfaced Rerun that as: rtk git status --short, then reran the RTK command

Notes

cargo clippy --all-targets -- -D warnings is not the current CI command and fails on existing baseline warnings unrelated to this change. The repository CI command, cargo clippy --all-targets, passes.

[pszymkowiak]

[w] wshm · Automated triage by AI

📊 Automated PR Analysis

✨ Type	feature
🟡 Risk	medium

Summary

Adds programmatic Codex CLI hook support using a deny-with-suggestion pattern, since Codex's PreToolUse hooks cannot apply updatedInput in-place. Includes rtk hook codex command, rtk init --codex updates to write hooks.json and config.toml, uninstall/show support, and extensive documentation updates across README, TECHNICAL.md, and hook-specific docs.

Review Checklist

• Tests present
• Breaking change
• Docs updated

Linked issues: #1003

---

Analyzed automatically by wshm · This is an automated analysis, not a human review.

[CLAassistant]

All committers have signed the CLA.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ BjornMelin
❌ github-actions[bot]
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[Copilot]

Pull request overview

Adds first-class OpenAI Codex CLI integration to RTK’s hooks layer, aligning Codex with existing agent hook support while documenting why Codex currently requires a deny-with-suggestion workflow instead of in-place rewrites.

Changes:

• Add rtk hook codex handler and wire it into the CLI subcommands.
• Extend rtk init --codex to install/manage Codex hooks.json + enable features.codex_hooks = true in Codex config.toml, plus show/uninstall enhancements.
• Update hook documentation across repo to reflect Codex’s deny-with-suggestion behavior.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
src/main.rs	Adds the hook codex subcommand and routes execution to the Codex hook handler.
src/hooks/init.rs	Implements Codex hooks.json + config.toml install/state display/uninstall logic; adds related tests.
src/hooks/hook_cmd.rs	Implements Codex PreToolUse hook processing and deny-with-suggestion response shape; adds tests.
src/hooks/constants.rs	Adds CONFIG_TOML constant for Codex config handling.
src/hooks/README.md	Updates hooks matrix and implementation notes to include Codex behavior.
hooks/codex/README.md	Documents Codex hook wiring and deny-with-suggestion behavior.
hooks/README.md	Updates global hook docs to describe Codex’s non-transparent rewrite approach.
docs/contributing/TECHNICAL.md	Updates contributor docs to reflect Codex hook support.
README.md	Updates user-facing overview and supported tools table for Codex hook behavior.

[JulienMaille]

Wouldn't his also work on the codex app, ie not codex CLI?

[tjx666]

@BjornMelin @aeppling waiting for this

[aeppling]

Hey @BjornMelin

Thanks for addressing this. I'm aware of the codex CLI gap for the updatedInput that is not honored, thus being said the deny retry approach can be costly :

• It costs extra API tokens ; each time a raw rewritable command is blocked, the model has to run an extra inference turn to re-issue it as rtk …. Transparent rewrite (and prompt-level guidance) avoid this; deny-retry is the only approach that structurally adds turns.

• Most importantly, it's not transparent , by RTK principles we want to be as transparent as possible, so commands should be rewritten without LLM having to prefix any commands itself, as well as not causing retries.

RTK want to be a LLM proxy, transparent and efficient, and for this we want to detach from context based actions for LLMs, to avoid polluting context + more precision and reliable because deterministic. This is not possible yet because not all CLI support hooks, but for Codex we seems close to be able to do this.

Your PR is clean and thanks for this, it has a lot of clean part that could be favorized, the approach is what i want to discuss.
Did you reproduce the bug with Codex CLI ? With which version?

You can refer to my review on #2033 about the codex CLI updatedInput problem.
Open to discuss