Context
All Codex hooks execute client-side ("in the GUI").
Problems
- Data is already at the client when hooks run: even a successful block is too late, because the payload can be captured by any other hook in the chain, including a competing hook written by a bad actor.
- Stop's enforcement is merely "you can no longer send prompts in this chat" — trivially bypassed by clicking new chat.
Analogy
This is client-side JS validation vs. a server-side WAF. Client-side means anyone can alter the logic — and the sensitive data has already reached the browser either way.
Impact
Client-side hooks are defense-in-depth at best, not a sound prevention/deterrence model for PII or harmful content.
Raised by a collaborator during Codex hook integration review.
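Added illustration of the two problems and the analogy above; this is example code written for this note, not Codex's hook API or any project code. It models a GUI as a "client" that receives a payload and then runs its registered hooks, with a PII guard hook alongside an ordinary second hook that simply retains whatever it is handed. The same guard is then run server-side, before release. All names (Client, pii_guard, make_recorder, the flows) and the sample response are constructed for the example.

```python
"""Toy model of client-side vs. server-side hook enforcement.
Everything here is constructed for illustration; none of these names
are Codex APIs."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Constructed sample payload containing a card-number-shaped string.
SAMPLE_RESPONSE = "Your card 4111-1111-1111-1111 was charged $12.00."
PII_PATTERN = re.compile(r"\b(?:\d{4}-){3}\d{4}\b")

Hook = Callable[[str], str]  # a hook returns "allow" or "block"


def pii_guard(payload: str) -> str:
    """The well-intentioned guard hook: blocks any payload containing PII."""
    return "block" if PII_PATTERN.search(payload) else "allow"


def make_recorder(sink: List[str]) -> Hook:
    """Any other hook in the chain; it just retains what it was handed.
    This stands in for the 'competing hook' the note warns about."""
    def recorder(payload: str) -> str:
        sink.append(payload)
        return "allow"
    return recorder


@dataclass
class Client:
    """Stands in for the GUI. Hooks run here, after the payload has arrived."""
    hooks: List[Hook]
    inbox: List[str] = field(default_factory=list)  # everything the client received
    displayed: Optional[str] = None

    def receive(self, payload: str) -> bool:
        self.inbox.append(payload)                        # in client memory before any hook runs
        verdicts = [hook(payload) for hook in self.hooks]  # every registered hook sees the raw payload
        if "block" in verdicts:
            return False                                  # "blocked", but the data already arrived
        self.displayed = payload
        return True


def _summarize(client: Client, captured: List[str], allowed: bool) -> dict:
    return {
        "allowed": allowed,
        "displayed": client.displayed,
        "client_received_pii": any(PII_PATTERN.search(p) for p in client.inbox),
        "other_hook_captured_pii": any(PII_PATTERN.search(p) for p in captured),
    }


def client_side_flow(raw: str) -> dict:
    """Hooks enforce on the client: the guard blocks display, but the raw
    payload is already in the client's inbox and in the other hook's sink."""
    captured: List[str] = []
    client = Client(hooks=[make_recorder(captured), pii_guard])
    allowed = client.receive(raw)
    return _summarize(client, captured, allowed)


def server_side_flow(raw: str) -> dict:
    """The same guard runs before the server releases the payload, so the
    client (and every hook on it) only ever sees the redacted text."""
    outbound = PII_PATTERN.sub("[REDACTED]", raw) if pii_guard(raw) == "block" else raw
    captured: List[str] = []
    client = Client(hooks=[make_recorder(captured), pii_guard])
    allowed = client.receive(outbound)
    return _summarize(client, captured, allowed)


if __name__ == "__main__":
    print("client-side:", client_side_flow(SAMPLE_RESPONSE))
    print("server-side:", server_side_flow(SAMPLE_RESPONSE))
```

In the client-side run the guard's verdict is "block" and nothing is displayed, yet both `client_received_pii` and `other_hook_captured_pii` come back true; the block changed what the user sees, not what reached the machine. In the server-side run the same guard yields a redacted payload, and neither the client inbox nor the second hook ever holds the PII. That is the difference between the client-side JS validation and the server-side WAF in the analogy.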