Bridge Codex native hooks into OpenClaw

Bridge Codex-native tool events into the OpenClaw plugin hook surface, including native permission approval routing, bounded relay payloads, approval spam protection, and docs/changelog updates.\n\nCo-authored-by: pashpashpash <nik@vault77.ai>
2026-05-06 17:20:45 +00:00 · 2026-04-24 08:48:26 -07:00
parent 3a64aa49a9
commit 7a958d920c
25 changed files with 2379 additions and 10 deletions
--- a/docs/.generated/plugin-sdk-api-baseline.sha256
+++ b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-b125289f628c19afb6087dcd58b674fa8acc8899545f99db81c264c4c964d17f  plugin-sdk-api-baseline.json
-2a2e9959cd35a375ec97682ec5d5108d94d4e77a82085929c58e9a994313d5e6  plugin-sdk-api-baseline.jsonl
+3e0d36fbe1db58f01c297a35c9a26d1037471720a8e71dc7149d108bf0f9bf40  plugin-sdk-api-baseline.json
+aa4065f3efaf8ed6f7641ad7384039123e5bbb21a3e682f7599ca75195ceb8cd  plugin-sdk-api-baseline.jsonl
--- a/docs/tools/acp-agents.md
+++ b/docs/tools/acp-agents.md
@@ -58,7 +58,15 @@ Natural-language triggers that should route to the native Codex plugin:
 - "Attach this chat to Codex thread `<id>`."
 - "Show Codex threads, then bind this one."

-Native Codex conversation binding is the default chat-control path, but it is intentionally conservative for interactive Codex approval/tool flows: OpenClaw dynamic tools and approval prompts are not exposed through this bound-chat path yet, so those requests are declined with a clear explanation. Use the Codex harness path or explicit ACP fallback when the workflow depends on OpenClaw dynamic tools or long-running interactive approvals.
+Native Codex conversation binding is the default chat-control path. OpenClaw
+dynamic tools still execute through OpenClaw, while Codex-native tools such as
+shell/apply-patch execute inside Codex. For Codex-native tool events, OpenClaw
+injects a per-turn native hook relay so plugin hooks can block
+`before_tool_call`, observe `after_tool_call`, and route Codex
+`PermissionRequest` events through OpenClaw approvals. The v1 relay is
+deliberately conservative: it does not mutate Codex-native tool arguments,
+rewrite Codex thread records, or gate final answers/Stop hooks. Use explicit
+ACP only when you want the ACP runtime/session model.

 Natural-language triggers that should route to the ACP runtime:

--- a/docs/tools/plugin.md
+++ b/docs/tools/plugin.md
@@ -394,6 +394,12 @@ Hook guard behavior for typed lifecycle hooks:
 - `message_sending`: `{ cancel: true }` is terminal; lower-priority handlers are skipped.
 - `message_sending`: `{ cancel: false }` is a no-op and does not clear an earlier cancel.

+Native Codex app-server runs bridge Codex-native tool events back into this
+hook surface. Plugins can block native Codex tools through `before_tool_call`,
+observe results through `after_tool_call`, and participate in Codex
+`PermissionRequest` approvals. The bridge does not rewrite Codex-native tool
+arguments yet.
+
 For full typed hook behavior, see [SDK Overview](/plugins/sdk-overview#hook-decision-semantics).

 ## Related