Oh My Codex
Install statewright in Oh My Codex (OMX)
Oh My Codex
If you're running OMX, this plugin restricts which tools your agents can use per workflow phase. Enforcement goes through Codex native hooks (the only layer that can actually block tool calls in OMX's architecture).
Install
git clone https://github.com/statewright/statewright.git
cd statewright/plugins/omx
npm install && npm run build
bash install.shThe install script merges statewright hooks into ~/.codex/hooks.json without touching your existing OMX hooks.
Setup
- Get an API key at statewright.ai/keys
- Save it:
mkdir -p ~/.statewright echo 'sw_live_...' > ~/.statewright/api_key - Add the MCP server (uses the same proxy as the Codex plugin):
codex mcp add statewright -- bash ~/statewright/plugins/codex/mcp-proxy.sh - Add
env_varsto~/.codex/config.tomlfor environment propagation:[mcp_servers.statewright] env_vars = ["STATEWRIGHT_API_KEY", "STATEWRIGHT_GATEWAY_URL"]
Verify
Start OMX and type statewright_list_workflows(). If you see your workflows, the plugin is active.
Why native hooks?
OMX has two hook systems and the distinction matters:
| Layer | Can block tools? | Can inject context? |
|---|---|---|
Codex native hooks (.codex/hooks.json) | Yes | Yes |
OMX plugin hooks (.omx/hooks/*.mjs) | No | No |
Statewright uses Codex native hooks because they're the only layer that can intercept tool calls and return deny decisions. The OMX plugin SDK is fire-and-forget; it can log and send tmux keys but it can't stop a tool from executing.
How it works
The plugin is a single TypeScript file compiled to an 18KB bundle. PreToolUse enforcement reads from a local state cache with no network round-trip. Bash commands are classified for redirects, destructive operations, and scripting interpreters even when Bash itself is in the allowed tools list.
Interrupts work too. Edit a file matching a glob pattern (like **/*.pb.js) and the workflow auto-transitions to a validation state, then returns.