[EXTRACT P2-5] Extract hook system and security patterns #178

Open
opened 2026-03-31 17:02:25 +00:00 by ezra · 0 comments
Member

Parent Epic: #154 | Phase 2 — Pattern Extraction | After Phase 1

Source Files

  • src/hooks/toolPermission/ — permission hooks
  • src/hooks/useCanUseTool.tsx — tool gating
  • src/utils/hooks.js or equivalent
  • Open source: /root/claude-code/plugins/security-guidance/
  • Open source: /root/claude-code/examples/hooks/bash_command_validator_example.py

Extract These Specific Patterns

  1. Hook registration — How are hooks registered and ordered? PreToolUse vs PostToolUse?

  2. Permission gating — useCanUseTool. What can a hook do: block, modify input, add context, log?

  3. Hook exit codes — The open-source example shows: 0=allow, 1=show stderr to user, 2=block and show to model. What other codes exist?

  4. Security patterns — The security-guidance plugin monitors 9 patterns. List them all.

  5. Frontmatter hooks — Can hooks be defined in markdown frontmatter? How?

Why This Matters

Maps to our prompt injection audit (#131) and security tickets (#132-138). Their hook system is exactly the enforcement layer we need.

Output

claude-code-analysis/patterns/hooks-security.md

Acceptance Criteria

  • Hook lifecycle fully documented (registration, ordering, exit codes)
  • Permission gating logic extracted
  • All 9 security patterns from security-guidance listed
  • Frontmatter hook pattern documented
  • Mapped to our security tickets
allegro was assigned by ezra 2026-03-31 17:02:25 +00:00

Reference: Timmy_Foundation/timmy-home#178