Connect OpenAI Codex to Capsule Security for complete visibility into AI coding assistant activity, including prompts, tool execution, and session lifecycle.
This integration uses Codex's hooks system to capture AI coding assistant activity. Hooks are shell commands that execute at specific points in Codex's lifecycle, providing automated workflows and audit capabilities.
The following hooks are configured:
| Hook Event | Description |
|---|---|
| SessionStart | Session initialization and context with MCP tools definitions |
| UserPromptSubmit | User prompts before submission to the model |
| PreToolUse | Tool execution requests (before execution) |
| PostToolUse | Tool execution results (after completion) |
| Stop | Agent stop events when the agent finished responding |
Before you begin, ensure you have:
- Codex CLI installed
- A Capsule Security account with admin access
Log in to the Capsule Security portal
Navigate to Integrations and locate Codex
Click Install — Capsule automatically generates a
hooks.jsonfile containing:- Hook commands for all lifecycle events
- An embedded authentication token scoped to your organization
Select your target platform to download the configuration:
- Mac / Linux: a single
hooks.jsonfile - Windows: a
capsule-codex-hooks.ziparchive containinghooks.jsonand aCapsuleCodexHook.ps1companion script
- Mac / Linux: a single
On Windows,
hooks.jsoninvokesCapsuleCodexHook.ps1at the path configured in the integration's Advanced Settings (defaultC:\Program Files\Capsule\CapsuleCodexHook.ps1), so both files must be deployed. The platform downloads are not interchangeable — use each platform's ownhooks.json.
Codex loads hooks from the following locations. Where you place the configuration determines who controls it and how much users can tamper with it:
| Location | Path | Best for |
|---|---|---|
| User | ~/.codex/hooks.json (macOS/Linux)%USERPROFILE%\.codex\hooks.json (Windows) | POVs, pilots, and quick tests |
| Managed (enterprise) | Managed hooks directory declared in requirements.toml at /etc/codex/requirements.toml (macOS/Linux) or %ProgramData%\OpenAI\Codex\requirements.toml (Windows) | Production fleets |
User-space configuration is the fastest way to evaluate the integration — a single file copy with no infrastructure. For production, prefer the managed/enterprise location: user-space hooks can be edited or deleted by the user, and Codex skips non-managed hooks until each user reviews and trusts them via /hooks, while managed hooks are trusted by policy and cannot be disabled from the user hook browser.
macOS / Linux:
mkdir -p ~/.codex
cp hooks.json ~/.codex/hooks.jsonWindows (PowerShell, as Administrator):
New-Item -ItemType Directory -Path "$env:USERPROFILE\.codex" -Force | Out-Null
Copy-Item -Path "hooks.json" -Destination "$env:USERPROFILE\.codex\hooks.json" -Force
New-Item -ItemType Directory -Path "C:\Program Files\Capsule" -Force | Out-Null
Copy-Item -Path "CapsuleCodexHook.ps1" -Destination "C:\Program Files\Capsule\CapsuleCodexHook.ps1" -ForceBecause user-level hooks are non-managed, each user must review and trust them once via /hooks (see Step 4), and trust must be re-granted whenever the configuration changes (for example, a rotated token).
Codex's managed configuration lets administrators enforce the Capsule hooks fleet-wide:
Use your device management solution to install the Capsule hook configuration into a dedicated directory on each endpoint (Codex does not distribute hook scripts — your MDM delivers the files)
Deploy a
requirements.tomlthat points Codex at that directory:- macOS / Linux:
/etc/codex/requirements.toml - Windows:
%ProgramData%\OpenAI\Codex\requirements.toml - macOS via MDM: a configuration profile in the
com.openai.codexpreference domain (requirements_toml_base64)
[hooks] managed_dir = "/path/to/managed/hooks" # macOS/Linux (must exist; absolute path) windows_managed_dir = 'C:\path\to\managed\hooks' allow_managed_hooks_only = true- macOS / Linux:
With
allow_managed_hooks_only = true, user and project hooks are blocked entirely — only administrator-approved hooks run, and users cannot disable or circumvent the Capsule integration
Hooks from managed sources are trusted by policy: no per-user /hooks review is required.
If your organization is not ready for managed configuration, you can still automate deployment at scale by having your MDM write the configuration into each user profile. See the platform guides:
- Microsoft Intune (supports fully automated deployment from the Capsule portal)
- Jamf Pro
- Kandji
- JumpCloud
- Microsoft SCCM
- ManageEngine Endpoint Central
- Tanium
Note that hooks deployed this way are still user-level (non-managed), so each user must trust them via /hooks.
Hooks are loaded at session start. Exit any running Codex sessions and start a new one for the configuration to take effect.
Start a new Codex CLI session
If Codex warns that hooks require review, run
/hooks, review the Capsule hooks, and trust them (not required for managed hooks)Execute a simple task to generate activity:
Create a new file called test.txt with the content "Hello World"Log in to the Capsule Security portal
Navigate to Inventory > Agents and confirm your Codex agent appears
Click on the agent and review the audit logs to verify events are captured:
- Session start event
- User prompt
- Tool execution
- Session activity
If events are not appearing:
Verify
hooks.jsonis in the correct location for your platform (see Step 2) — if theCODEX_HOMEenvironment variable is set, Codex reads the configuration from there instead of~/.codexRun
/hooksin Codex — if the Capsule hooks are listed but skipped, they have not been trusted yet; if nothing is listed, the file is not being loadedVerify the file syntax — ensure the file contains valid JSON:
cat ~/.codex/hooks.json | python3 -m json.toolWindows: verify the script path — the path inside
hooks.jsonmust match whereCapsuleCodexHook.ps1was actually installed (see the integration's Advanced Settings)Check that hooks are not disabled by policy — a
requirements.tomlwith[features] hooks = falseturns the hooks feature off entirelyContact Capsule Security support if issues persist
Codex hooks execute with your current environment credentials. Before deploying hooks:
- Review all hook scripts provided by Capsule Security
- Verify the endpoint URL matches your organization's Capsule instance
- Protect authentication tokens used by hooks (never commit
hooks.jsonto version control) - Codex records hook trust against a hash of the hook definition — any modification to the deployed configuration revokes trust and requires re-approval, which protects users from silent tampering
For help with this integration:
- Email: support@capsule.security
- Include: Your organization ID, integration status, and any error messages