Codex hooks merge user + project layers, gated by trust
Scoping codex CLI hooks to specific projects without affecting unrelated work.
Codex hooks discover and merge from both ~/.codex/hooks.json (user-level) and <repo>/.codex/hooks.json (project-level), and higher-precedence layers do not replace lower ones — they accumulate, so the same event can have hooks from both layers fire concurrently. Project-local hooks only load when the .codex/ layer is trusted, which is set via [projects.<path>] trust_level = trusted in ~/.codex/config.toml. Trust cascades from parent paths, so trusting ~/Projects covers every repo underneath it without per-repo config. This makes the natural pattern: keep general-purpose hooks (image transcription, etc) in ~/.codex/, keep project-specific behavior modifiers (workflow nudges, custom integrations) in <repo>/.codex/.
For any project-specific codex automation, scope it to <repo>/.codex/hooks.json from the start. Putting workflow-specific hooks in ~/.codex/ pollutes every other codex session — and the trust-cascade means you almost never need to manage trust per-project anyway.