{"id":47611243,"url":"https://github.com/yurukusa/claude-code-hooks","last_synced_at":"2026-04-01T20:23:05.462Z","repository":{"id":341111266,"uuid":"1168954390","full_name":"yurukusa/claude-code-hooks","owner":"yurukusa","description":"16 production hooks + 5 templates for autonomous Claude Code operation. Context monitoring, syntax checking, branch protection, secret leak prevention, and more.","archived":false,"fork":false,"pushed_at":"2026-03-21T20:18:42.000Z","size":91,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-21T21:31:31.791Z","etag":null,"topics":["ai-safety","anthropic","autonomous","bash","claude","claude-code","developer-tools","devops","hooks","plugin","posttooluse","pretooluse","safety"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yurukusa.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"yurukusa","ko_fi":"yurukusa","custom":["https://yurukusa.github.io/cc-ops-kit-landing/"]}},"created_at":"2026-02-28T01:40:31.000Z","updated_at":"2026-03-21T20:18:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/yurukusa/claude-code-hooks","commit_stats":null,"previous_names":["yurukusa/claude-code-hooks"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/yurukusa/claude-code-hooks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fclaude-code-hooks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fclaude-code-hooks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fclaude-code-hooks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fclaude-code-hooks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yurukusa","download_url":"https://codeload.github.com/yurukusa/claude-code-hooks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yurukusa%2Fclaude-code-hooks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31291537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-safety","anthropic","autonomous","bash","claude","claude-code","developer-tools","devops","hooks","plugin","posttooluse","pretooluse","safety"],"created_at":"2026-04-01T20:23:00.687Z","updated_at":"2026-04-01T20:23:05.455Z","avatar_url":"https://github.com/yurukusa.png","language":"Shell","funding_links":["https://github.com/sponsors/yurukusa","https://ko-fi.com/yurukusa","https://yurukusa.github.io/cc-ops-kit-landing/"],"categories":["Plugins"],"sub_categories":["All Plugins"],"readme":"# claude-code-hooks\n\n[![GitHub stars](https://img.shields.io/github/stars/yurukusa/claude-code-hooks?style=social)](https://github.com/yurukusa/claude-code-hooks)\n[![tests](https://github.com/yurukusa/claude-code-hooks/actions/workflows/test.yml/badge.svg)](https://github.com/yurukusa/claude-code-hooks/actions/workflows/test.yml)\n\n**[Interactive Cookbook](https://yurukusa.github.io/claude-code-hooks/)** — search, filter, and copy 26 hook recipes in your browser.\n\n**Find \u0026 install hooks:** `npx cc-hook-registry init` — auto-detect your project and install recommended hooks.\n\n**16 hooks + 6 templates from 700+ hours of autonomous Claude Code operation.**\n\n```\n┌─────────────────────────────────────────────────────────┐\n│ Claude Code Session │\n│ │\n│ User Prompt ──→ PermissionRequest ──→ PreToolUse │\n│ (auto-approve- (destructive-guard │\n│ readonly) branch-guard │\n│ comment-strip │\n│ cd-git-allow │\n│ secret-guard) │\n│ │ │ │\n│ ▼ ▼ │\n│ Tool Executes ──→ PostToolUse │\n│ (syntax-check │\n│ context-monitor │\n│ activity-logger │\n│ tmp-cleanup) │\n│ │ │\n│ ▼ │\n│ Session End ──→ Stop │\n│ (proof-log-session) │\n│ │\n│ Notification ──→ no-ask-human │\n│ PreCompact ──→ proof-log-session │\n└─────────────────────────────────────────────────────────┘\n```\n\nProduction infrastructure for running Claude Code autonomously. Every hook exists because something went wrong without it. Every template encodes a workflow pattern that survived real-world autonomous operation.\n\n\u003e **Honest disclaimer:** This is what works for us. Your workflow may differ. These hooks and templates address the failure modes we actually encountered.\n\nCovers **18 of 20 checks** in [cc-health-check](https://github.com/yurukusa/cc-health-check).\n\n### Get Started in 10 Seconds\n\n```bash\nnpx cc-safe-setup # Install 8 essential hooks\nnpx cc-safe-setup --verify # Test each hook works\nnpx cc-safe-setup --doctor # Diagnose any issues\nnpx cc-safe-setup --create \"block npm publish without tests\" # Generate custom hooks\n```\n\n\u003e **Want all 16 hooks + templates?** Clone this repo. Or get the [Ops Kit](https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=github\u0026utm_medium=readme\u0026utm_campaign=ops-kit) with install.sh + 3 exclusive tools (pay what you want).\n\u003e\n\u003e **New to hooks?** Read the [Troubleshooting Guide](https://github.com/yurukusa/cc-safe-setup/blob/main/TROUBLESHOOTING.md) or print the [Cheat Sheet](https://yurukusa.github.io/cc-safe-setup/cheatsheet.html).\n\n---\n\n## What's Included\n\n### Hooks (16)\n\n| Hook | Purpose | Trigger |\n|------|---------|---------|\n| `context-monitor.sh` | Graduated context window warnings (CAUTION → WARNING → CRITICAL → EMERGENCY) | PostToolUse |\n| `activity-logger.sh` | JSONL audit trail of every file change (path, lines added/deleted, timestamp) | PostToolUse (Edit\\|Write) |\n| `syntax-check.sh` | Automatic syntax validation after edits (Python, Shell, JSON, YAML, JS) | PostToolUse (Edit\\|Write) |\n| `decision-warn.sh` | Alerts on edits to sensitive paths without blocking | PreToolUse (Edit\\|Write) |\n| `cdp-safety-check.sh` | Blocks raw WebSocket CDP construction, forces use of proven tools | PreToolUse (Bash) |\n| `proof-log-session.sh` | Auto-generates 5W1H session summaries into daily markdown files | Stop, PreCompact |\n| `session-start-marker.sh` | Records session start time (used by proof-log) | PostToolUse |\n| `no-ask-human.sh` | Detects and discourages questions to absent humans during autonomous operation | PostToolUse |\n| `branch-guard.sh` | Blocks pushes to main/master + force-push on all branches | PreToolUse (Bash) |\n| `error-gate.sh` | Blocks external actions (push, publish, POST) when unresolved errors exist | PreToolUse (Bash) |\n| `destructive-guard.sh` | Blocks rm -rf on sensitive paths, git reset --hard, git clean. Prevents NTFS junction traversal data loss | PreToolUse (Bash) |\n| `secret-guard.sh` | Blocks git add .env, credential files, git add . with .env present | PreToolUse (Bash) |\n| `comment-strip.sh` | Strips bash comments that break permission allowlists ([#29582](https://github.com/anthropics/claude-code/issues/29582)) | PreToolUse (Bash) |\n| `cd-git-allow.sh` | Auto-approves read-only cd+git compounds ([#32985](https://github.com/anthropics/claude-code/issues/32985)) | PreToolUse (Bash) |\n| `auto-approve-readonly.sh` | Auto-approves read-only commands (git log, ls, cat) via PermissionRequest | PermissionRequest |\n| `tmp-cleanup.sh` | Removes stale tmpclaude-* files older than 60 seconds | PostToolUse |\n\n### Templates (5)\n\n| Template | Purpose |\n|----------|---------|\n| `CLAUDE-autonomous.md` | Operational rules for autonomous execution: backup branches, loop detection, decision autonomy, state persistence |\n| `dod-checklists.md` | Definition of Done for code changes, publications, general tasks, and session handoffs |\n| `task-queue.yaml` | Structured task queue with priority, status tracking, and blocked items |\n| `mission.md` | Persistent state across session restarts: goals, progress, blockers, handoff notes |\n| `LESSONS.md` | Structured incident log: what failed, root cause, fix applied, prevention rule |\n\n### Example Configurations (3)\n\n- `settings-minimal.json` — Context monitor + syntax check. Good starting point.\n- `settings.json` — Recommended setup with all core hooks.\n- `settings-autonomous.json` — Full autonomous mode with no-ask-human + branch guard + error gate.\n\n---\n\n## Health Check Coverage\n\nHow the kit maps to [cc-health-check](https://github.com/yurukusa/cc-health-check)'s 20 checks:\n\n| Dimension | Check | Covered By |\n|-----------|-------|-----------|\n| Safety | PreToolUse blocks dangerous commands | `cdp-safety-check.sh` |\n| Safety | API keys in dedicated files | `CLAUDE-autonomous.md` |\n| Safety | Branch protection | `branch-guard.sh` |\n| Safety | Error-aware gate | `error-gate.sh` |\n| Safety | Destructive command blocker | `destructive-guard.sh` |\n| Quality | Syntax checks after edits | `syntax-check.sh` |\n| Quality | Error detection and tracking | `error-gate.sh` + `activity-logger.sh` |\n| Quality | Definition of Done checklist | `dod-checklists.md` |\n| Quality | Output verification | `CLAUDE-autonomous.md` + `dod-checklists.md` |\n| Monitoring | Context window alerts | `context-monitor.sh` |\n| Monitoring | Activity logging | `activity-logger.sh` |\n| Monitoring | Daily summaries | `proof-log-session.sh` |\n| Recovery | Backup branches | `CLAUDE-autonomous.md` |\n| Recovery | Watchdog for hangs/idle | *(requires external tmux script)* |\n| Recovery | Loop detection | `CLAUDE-autonomous.md` |\n| Autonomy | Task queue | `task-queue.yaml` |\n| Autonomy | Block unnecessary questions | `no-ask-human.sh` |\n| Autonomy | Persistent state | `mission.md` |\n| Coordination | Decision audit trail | `decision-warn.sh` |\n| Coordination | Multi-agent coordination | *(requires external tooling)* |\n| Coordination | Lesson capture | `LESSONS.md` |\n\n**18/20 covered.** The 2 uncovered checks (watchdog, multi-agent) require external tooling beyond hooks and templates.\n\n---\n\n## Quick Setup\n\n### Option A: Quick Install (Recommended)\n\n```bash\nnpx cc-safe-setup\n```\n\nInstalls 8 essential hooks in 10 seconds. Zero config. [Details](https://github.com/yurukusa/cc-safe-setup)\n\n**After install, verify hooks are working:**\n\n```bash\nnpx cc-safe-setup --verify # Test each hook with sample inputs\nnpx cc-safe-setup --status # Check which hooks are installed\nnpx cc-health-check # Full setup diagnostic (20 checks)\n```\n\n\u003e **Note:** cc-safe-setup installs **hooks** (automatic background scripts), not skills or plugins. Hooks activate immediately after restarting Claude Code — no additional commands needed.\n\n### Option B: Manual Setup\n\n#### 1. Copy hooks and templates\n\n```bash\n# Hooks\nmkdir -p ~/.claude/hooks\ncp hooks/*.sh ~/.claude/hooks/\nchmod +x ~/.claude/hooks/*.sh\n\n# Templates (copy what you need to your project)\ncp templates/CLAUDE-autonomous.md ~/CLAUDE.md # or append to existing\ncp templates/dod-checklists.md ~/.claude/\ncp templates/task-queue.yaml ~/ops/\ncp templates/mission.md ~/ops/\ncp templates/LESSONS.md ~/\n```\n\n#### 2. Wire hooks into settings.json\n\nOpen `~/.claude/settings.json` and add the hooks configuration. Use one of the example files as a starting point:\n\n```bash\ncat examples/settings-autonomous.json\n```\n\nThen copy the `\"hooks\"` section into your own settings file, replacing `/path/to/hooks/` with your actual path.\n\n**Minimal example** (context monitor + syntax check only):\n\n```json\n{\n \"hooks\": {\n \"PostToolUse\": [\n {\n \"matcher\": \"\",\n \"hooks\": [{ \"type\": \"command\", \"command\": \"~/.claude/hooks/context-monitor.sh\" }]\n },\n {\n \"matcher\": \"Edit|Write\",\n \"hooks\": [{ \"type\": \"command\", \"command\": \"~/.claude/hooks/syntax-check.sh\" }]\n }\n ]\n }\n}\n```\n\n#### 3. Verify\n\nStart a Claude Code session and make an edit. You should see syntax check output (on error) and context monitoring messages (when context drops below thresholds).\n\n---\n\n## Hook Details\n\n### context-monitor.sh\n\n**The most valuable hook in this collection.**\n\nMonitors remaining context window capacity. Falls back to tool-call-count estimation when debug logs are unavailable.\n\n**Why it exists:** We lost an entire session's work when context hit 3% with no warning.\n\n**Thresholds:** 40% CAUTION → 25% WARNING → 20% CRITICAL (auto-compact) → 15% EMERGENCY\n\n### activity-logger.sh\n\nRecords every Edit/Write operation to JSONL with timestamp, file path, and line counts.\n\n**Why it exists:** \"What did Claude Code do in the last 2 hours?\" needs an instant answer.\n\n### syntax-check.sh\n\nRuns syntax validation immediately after Claude Code edits a file. Supports Python, Shell, JSON, YAML, JS.\n\n**Why it exists:** Claude Code would introduce a syntax error, continue working for 10+ steps, then hit a wall.\n\n### branch-guard.sh\n\nBlocks `git push` to main/master. Allows pushes to feature/staging branches.\n\n**Why it exists:** One accidental force-push to main destroyed a day of work.\n\n**Config:** `CC_PROTECT_BRANCHES=\"main:master:production\"` (default: `main:master`)\n\n### error-gate.sh\n\nBlocks external actions (git push, npm publish, curl POST) when unresolved errors exist in the error log. Allows local operations.\n\n**Why it exists:** Publishing broken code to production while errors were unresolved.\n\n**Config:** `CC_ERROR_LOG` (default: `~/.claude/error-tracker.log`), `CC_ERROR_THRESHOLD` (default: `WARNING`)\n\n### decision-warn.sh\n\nNon-blocking alerts when Claude Code edits files in monitored directories.\n\n### cdp-safety-check.sh\n\nBlocks raw Chrome DevTools Protocol WebSocket construction. Forces use of established tools.\n\n### proof-log-session.sh\n\nGenerates 5W1H session summary at session end. Aggregates from activity-logger.sh.\n\n### session-start-marker.sh\n\nRecords session start timestamp. Used by proof-log for duration calculation.\n\n### no-ask-human.sh\n\nDetects question patterns and reminds the agent to decide autonomously. Essential for unattended operation.\n\n---\n\n## Environment Variables\n\n| Variable | Used By | Default |\n|----------|---------|---------|\n| `CC_CONTEXT_MISSION_FILE` | context-monitor | `$HOME/mission.md` |\n| `CC_ACTIVITY_LOG` | activity-logger, proof-log | `$HOME/claude-activity-log.jsonl` |\n| `CC_MONITORED_PATHS` | activity-logger | *(none)* |\n| `CC_MONITORED_DIRS` | decision-warn | `$HOME/bin:$HOME/.claude/hooks` |\n| `CC_CDP_TOOL_NAME` | cdp-safety-check | `cdp-eval` |\n| `CC_PROOF_LOG_DIR` | proof-log | `$HOME/proof-log` |\n| `CC_NO_ASK_ENABLED` | no-ask-human | `1` |\n| `CC_PROTECT_BRANCHES` | branch-guard | `main:master` |\n| `CC_ERROR_LOG` | error-gate | `$HOME/.claude/error-tracker.log` |\n| `CC_ERROR_THRESHOLD` | error-gate | `WARNING` |\n| `CC_ALLOW_DESTRUCTIVE` | destructive-guard | `0` |\n| `CC_SAFE_DELETE_DIRS` | destructive-guard | `node_modules:dist:build:.cache` |\n\n---\n\n## Requirements\n\n- **Claude Code** (with hooks support)\n- **bash** + **jq**\n- **python3** (used by activity-logger, proof-log, context-monitor)\n- **Optional:** PyYAML (YAML syntax checking), Node.js (JS syntax checking)\n\n---\n\n## Common Accidents \u0026 Prevention\n\nReal incidents from GitHub Issues, and the hooks that prevent them:\n\n| Accident | Issue | Prevention Hook |\n|---|---|---|\n| `rm -rf` deleted entire user directory via NTFS junction | [#36339](https://github.com/anthropics/claude-code/issues/36339) | `destructive-guard` (built-in) |\n| `Remove-Item -Recurse -Force` destroyed unpushed source | [#37331](https://github.com/anthropics/claude-code/issues/37331) | `destructive-guard` (built-in) |\n| Entire Mac filesystem deleted during cleanup | [#36233](https://github.com/anthropics/claude-code/issues/36233) | `scope-guard` (example) |\n| `migrate:fresh` wiped production database | [#37405](https://github.com/anthropics/claude-code/issues/37405) | `block-database-wipe` (example) |\n| `prisma migrate reset` deleted all user data | [#34729](https://github.com/anthropics/claude-code/issues/34729) | `block-database-wipe` (example) |\n| `.bashrc` overwritten by `chezmoi apply` | [#37478](https://github.com/anthropics/claude-code/issues/37478) | `protect-dotfiles` (example) |\n| `git config --global` modified without consent | [#37201](https://github.com/anthropics/claude-code/issues/37201) | `git-config-guard` (example) |\n| Edits silently reverted during context compaction | [#34674](https://github.com/anthropics/claude-code/issues/34674) | `auto-checkpoint` (example) |\n| Deployed without committing, changes reverted on sync | [#37314](https://github.com/anthropics/claude-code/issues/37314) | `deploy-guard` (example) |\n| Prompt injection exfiltrated data via curl POST | [#37420](https://github.com/anthropics/claude-code/issues/37420) | `network-guard` (example) |\n| CLAUDE.md memory rules ignored repeatedly | [#37314](https://github.com/anthropics/claude-code/issues/37314) | Use hooks instead of memory |\n\nInstall any example: `npx cc-safe-setup --install-example \u003cname\u003e`\n\n---\n\n## Cookbook\n\n**[COOKBOOK.md](COOKBOOK.md)** — 18 ready-to-use hook recipes from real GitHub Issues. Auto-approve git with `-C` flags, SSH commands, desktop notifications, test enforcement, PowerShell protection, database wipe prevention, dotfile protection, auto-checkpoint, git config guard, and more.\n\n---\n\n## Troubleshooting\n\n**Hooks not firing?**\n\n1. **Use absolute paths** in your hook commands. Relative paths break depending on which directory you start Claude Code from:\n ```json\n \"command\": \"bash ~/.claude/hooks/syntax-check.sh\"\n ```\n\n2. **Test your hook in isolation** before relying on it:\n ```bash\n echo '{\"tool_name\":\"Bash\",\"tool_input\":{\"command\":\"rm -rf /\"}}' | bash ~/.claude/hooks/decision-warn.sh\n echo $? # Should print 2 (blocked) for dangerous commands\n ```\n\n3. **Check the timeout.** Hooks have a 5-second timeout by default. If your script does anything slow (network calls, large file scans), it may silently time out and Claude proceeds as if it passed.\n\n4. **Verify permissions:** `chmod +x hooks/*.sh` — hooks must be executable.\n\n5. **VS Code extension:** Hooks configured in settings.json may not fire in the VS Code extension. Test with the CLI first: `claude` from terminal.\n\n6. **Exit codes matter:**\n - `exit 0` = allow (hook passed)\n - `exit 2` = hard block (command never runs — Claude cannot override this)\n - Any stderr output on exit 2 is shown to Claude as the reason\n\n---\n\n## Related Tools\n\n| Tool | What it does |\n|------|-------------|\n| [cc-health-check](https://github.com/yurukusa/cc-health-check) | Diagnose your setup — find what's missing |\n| [cc-session-stats](https://github.com/yurukusa/cc-session-stats) | How much are you using AI? |\n| [cc-audit-log](https://github.com/yurukusa/cc-audit-log) | What did your AI do? |\n| [cc-roast](https://yurukusa.github.io/cc-roast/) | Your CLAUDE.md, brutally reviewed |\n| **claude-code-hooks** | Fix what's missing — hooks and templates |\n\nRun cc-health-check first to see your score, then use this kit to fix what's missing.\n\n---\n\n## Want it all set up in 15 minutes?\n\n**[Claude Code Ops Kit](https://yurukusa.github.io/cc-ops-kit-landing/?utm_source=github\u0026utm_medium=readme\u0026utm_campaign=ops-kit)** (Pay What You Want) — Everything above, pre-configured and ready to deploy:\n\n- All 16 hooks, pre-configured with `install.sh`\n- **6 templates** (CLAUDE.md baseline + autonomous, DoD checklists, task-queue, mission, LESSONS)\n- **3 exclusive tools** (watchdog, CLAUDE.md generator, risk-score)\n- 3 settings.json presets (minimal / standard / autonomous)\n\n\u003e Free version = parts. Ops Kit = assembled, tested, ready to run.\n\n---\n\n**New to hooks?** See the [Migration Guide](https://github.com/yurukusa/cc-safe-setup/blob/main/MIGRATION.md) — step-by-step from permissions-only to permissions + hooks.\n\n📘 **Want the full story?** [Production guide from 700+ hours of autonomous operation](https://zenn.dev/yurukusa/books/6076c23b1cb18b) — everything that broke, and how we fixed it.\n\n📰 **Popular articles:**\n- [Skills Guide deep-dive (19K+ views)](https://qiita.com/yurukusa/items/f69920b4a02cf7e2988c) — Anthropic's official Skills PDF analyzed\n- [108 hours running unattended](https://qiita.com/yurukusa/items/3b2f9cf4d1eb7f7a54c5) — every incident and the safety hooks that came from them\n\nIf these hooks saved you from a bad day, consider giving this repo a ⭐ — it helps others find it.\n\n## License\n\nMIT License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyurukusa%2Fclaude-code-hooks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyurukusa%2Fclaude-code-hooks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyurukusa%2Fclaude-code-hooks/lists"}