Why
Codex hooks can add session-start context and warn before risky local actions. EvalOps repeatedly benefits from the same guardrails: fresh worktrees for broad sweeps, unresolved review-thread checks before merge, and caution around destructive Git commands in dirty repos.
Proposal
Design an org-managed hook pack that downstream repos can opt into. Keep it warning-first and local-first:
- SessionStart: remind Codex about EvalOps fresh-worktree and live-GitHub rules when inside an EvalOps repo
- PreToolUse/Bash: warn on destructive Git commands when the worktree is dirty
- Stop: warn if the current task mentions merge/readiness but no recent review-thread query appears in the transcript
- include install docs for user-level or repo-level .codex/config.toml
Acceptance criteria
- hook scripts are small, tested, and do not require production credentials
- docs explain known hook limitations and bypass/debug steps
- no hook blocks normal development unless the condition is explicit and low false-positive
- pilot against Platform or Deploy before broad rollout
Related: evalops/platform#234 tracks current hook limitations; this issue is for the org policy/distribution layer.
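
One way the PreToolUse/Bash check could decide when to warn, as an added example that is not part of this issue or of any existing hook pack. The function names, the list of commands treated as destructive, and the `--check` entry point are assumptions; how Codex passes the command to a hook is not modelled here.

```shell
#!/bin/sh
# Added example, not the hook pack's code. The rule list and the --check
# entry point are assumptions; Codex's hook payload format is not modelled.

# Helper: does the normalised command in $cmd match ERE $1?
matches() { printf '%s\n' "$cmd" | grep -Eq -e "$1"; }

# Print a rule name and return 0 if $1 contains a Git command that discards
# uncommitted work; return 1 otherwise. Limitation: global options such as
# `git -C <dir>` before the subcommand are not recognised.
destructive_git_rule() {
    # Newlines act as separators; collapse blank runs so spacing is uniform.
    cmd=$(printf '%s' "$1" | tr '\n' ';' | tr -s ' \t' ' ')
    start='(^|[;&|(]) ?git '      # command position: start or after ; & | (
    rest='([^;&|]* )?'            # other arguments within the same command
    end='($|[ ;&|)])'             # token boundary
    if matches "${start}reset ${rest}--hard${end}"; then
        echo "reset --hard"
    elif matches "${start}clean ${rest}(--force|-[a-zA-Z]*f)"; then
        echo "clean -f"           # a dry run (-n) is not special-cased
    elif matches "${start}checkout ${rest}(-- [^ ;&|]|[.]${end})"; then
        echo "checkout paths"
    else
        return 1
    fi
}

# Return 0 (warn) only if the command is destructive AND the worktree is
# dirty. $2 is the output of `git status --porcelain` (empty means clean).
should_warn() {
    [ -n "$2" ] && destructive_git_rule "$1" >/dev/null
}

# Entry point: `hook.sh --check "<command>"`. Warning-first: always exits 0.
if [ "${1:-}" = "--check" ]; then
    porcelain=$(git status --porcelain 2>/dev/null || true)
    if should_warn "${2:-}" "$porcelain"; then
        echo "warning: git $(destructive_git_rule "$2") with uncommitted changes" >&2
    fi
    exit 0
fi
```

Keeping the decision in `should_warn` separate from the `git status` call lets the rules be tested without a repository or credentials.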