Windows Codex hooks use single-quoted commands and fail under cmd.exe

[smoochy]

Summary

On Windows, the generated Codex hook commands from @superbased/observer are wrapped in POSIX-style single quotes. Codex executes these hook commands through cmd.exe, which does not treat '...' as valid quoting. As a result, the hook command is parsed incorrectly and exits with code 1.

Environment

• OS: Windows
• Codex CLI: 0.133.0
• @superbased/observer: 1.6.27

Generated hook command

Example from hooks.json:

"command": "'C:\\Users\\Administrator\\AppData\\Roaming\\npm\\node_modules\\@superbased\\observer\\node_modules\\@superbased\\observer-win32-x64\\bin\\observer.exe' hook codex SessionStart --config 'C:\\Users\\Administrator\\.observer\\config.toml'"

The same quoting pattern was generated for PermissionRequest, PreToolUse, PostToolUse, SessionStart, Stop, and UserPromptSubmit.

Reproduction

1. Install @superbased/observer on Windows.
2. Configure Codex hooks using the current install flow.
3. Start Codex or submit a prompt.
4. The hook fails immediately.

Running the generated command through cmd.exe reproduces the problem:

cmd /c "'C:\Users\Administrator\AppData\Roaming\npm\node_modules\@superbased\observer\node_modules\@superbased\observer-win32-x64\bin\observer.exe' hook codex SessionStart --config 'C:\Users\Administrator\.observer\config.toml'"

Actual behavior

The command fails under cmd.exe because the single quotes are interpreted literally instead of as quoting. In my case this caused the hook to error immediately, and Codex showed hook failures on prompt submission / session start.

Expected behavior

On Windows, generated Codex hook commands should use Windows-safe quoting:

• no single quotes around executable/config paths
• if quoting is required, use "..." for cmd.exe compatibility

Workaround

Manually editing hooks.json to remove the single quotes fixed it. For example, this form works:

"command": "C:\\Users\\Administrator\\AppData\\Roaming\\npm\\node_modules\\@superbased\\observer\\node_modules\\@superbased\\observer-win32-x64\\bin\\observer.exe hook codex SessionStart --config C:\\Users\\Administrator\\.observer\\config.toml"

After removing the single quotes, the affected Codex hooks executed successfully.

[marmutapp]

Thanks for the precise repro and the workaround @smoochy - this made the diagnosis instant. Confirmed root cause in v1.6.27 and shipped a fix as v1.6.28 (just published to npm + public mirror). This issue was introduced during our last cycle due to a bad path setup.

What was wrong

v1.6.27 introduced single-quote wrapping for hook commands so Claude Code on Windows (which always invokes hooks through Git Bash) would preserve the backslashes in D:\...\observer.exe. That fix was right for Claude Code, but the same wrapper was applied to the Codex registrar too and Codex spawns each hook through cmd.exe on part of the argument and cmd.exe failed to find a binary whose name starts with a quote, every hook fires exit 1, exactly as you saw.

What v1.6.28 does

The Codex registrar now picks its quoting style based on the path shape:

• Linux/macOS Codex paths → POSIX single-quote (unchanged; codex spawns via /bin/sh there).
• Windows-shaped paths (contain \) → cmd.exe-safe double-quote when the path needs quoting (spaces, special chars etc.); unwrapped when it doesn't - matching the exact working shape from your workaround did.

Your install path has no spaces, so the post-fix command is:
"command": "C:\Users\Administrator\AppData\Roaming\npm\node_modules\@superbased\observer\node_modules\@superbased\observer-win32-x64\bin\observer.exe hook codex SessionStart --config C:\Users\Administrator\.observer\config.toml"

A C:\Program Files\… install (with a space) would render as: "command": ""C:\Program Files\observer\observer.exe" hook codex SessionStart --config "C:\Program Files\Observer\config.toml""

Both forms work under cmd.exe.
npm install -g @superbased/observer@1.6.28
observer init --force --tool codex

--force re-writes the existing hooks.json with the new quoting shape. After that, Codex hooks should fire cleanly on the next session start / prompt submit.

Scope of the fix

Codex registrar only right now. Claude Code stays on single-quote (correct under Git Bash).

Thanks again for the detailed bug report (with the suggested fix), the inline cmd /c repro + the working unquoted-form workaround made this a one-look diagnosis.

[smoochy]

Thanks for the reply. Already updated the CLI.

One thing I noticed yesterday, but forgot to mention. And I saw it just again in your reply.

I states C:\Users\Administrator.observer\config.toml". But shouldn't it be C:\Users\Administrator\.observer\config.toml"? There is a slash missing in front of .codex.

[marmutapp]

That seems to be an issue in the issues comments section - I did write it as C:\Users\Administrator\.observer\config.toml but when you don't use it inside a code block it automatically removes the backslash \ if it is followed by a non-alphanumeric character.
I think Github's regex setup or something equivalent is kicking in.