Finding · codex

Codex: PreToolUse Hook Input Rewrites

What Changed

PR #20527 enables PreToolUse hooks to rewrite tool inputs before execution. The hook output schema already documented updatedInput, but Codex was rejecting it instead of applying it. Now: when a PreToolUse hook returns permissionDecision: "allow" with an updatedInput payload, Codex applies the rewritten input before dispatching the tool call. The tool executes the updated payload, not the original.

Operator Consequence

PreToolUse hooks can now sanitize, normalize, redirect, or augment tool calls before execution. Examples:

Strip or mask sensitive arguments before a shell command runs
Normalize file paths to prevent path traversal
Replace a risky file destination with a safe staging path

Previously, hooks could only observe and allow/deny. Now they can observe, allow with modification, or deny.

Signal

Hook authors who have been waiting for updatedInput to work should test existing hooks. Hooks that previously allowed-and-returned an updatedInput (expecting the rewrite to apply) were silently executing the original input.

Finding metadata

Confidence: high
Actionability: adapt
Accessibility impact: low
Operator relevance: high
Bitter relevance: medium

Run: 2026-05-12-partial-cycle-codex-refresh-2026-05-12-frontier-v0

Finding ID: 2026-05-12-codex-pretooluse-input-rewrite

Accepted signals

PreToolUse hooks can now rewrite tool inputs before execution · 2026-05-12

Profile citations

Codex · claim · pretooluse-input-rewrite
Codex · posture · capability
Codex · posture · governance

Source links

Primary links, including exact changelog lines when available.

Codex
commit_diff_reviewedPR #20527 — Support PreToolUse updatedInput rewritesgithub.com/openai/codex/pull/20527