mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-03-30 13:43:26 +08:00
c8f631b046
Adds npx block-no-verify@1.1.2 as a PreToolUse Bash hook in hooks/hooks.json and a beforeShellExecution hook in .cursor/hooks.json to prevent AI agents from bypassing git hooks via the hook-bypass flag. This closes the last enforcement gap in the ECC security stack — the bypass flag silently skips pre-commit, commit-msg, and pre-push hooks. Closes #648 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
115 lines
3.3 KiB
JSON
115 lines
3.3 KiB
JSON
{
|
|
"hooks": {
|
|
"sessionStart": [
|
|
{
|
|
"command": "node .cursor/hooks/session-start.js",
|
|
"event": "sessionStart",
|
|
"description": "Load previous context and detect environment"
|
|
}
|
|
],
|
|
"sessionEnd": [
|
|
{
|
|
"command": "node .cursor/hooks/session-end.js",
|
|
"event": "sessionEnd",
|
|
"description": "Persist session state and evaluate patterns"
|
|
}
|
|
],
|
|
"beforeShellExecution": [
|
|
{
|
|
"command": "npx block-no-verify@1.1.2",
|
|
"event": "beforeShellExecution",
|
|
"description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped"
|
|
},
|
|
{
|
|
"command": "node .cursor/hooks/before-shell-execution.js",
|
|
"event": "beforeShellExecution",
|
|
"description": "Tmux dev server blocker, tmux reminder, git push review"
|
|
}
|
|
],
|
|
"afterShellExecution": [
|
|
{
|
|
"command": "node .cursor/hooks/after-shell-execution.js",
|
|
"event": "afterShellExecution",
|
|
"description": "PR URL logging, build analysis"
|
|
}
|
|
],
|
|
"afterFileEdit": [
|
|
{
|
|
"command": "node .cursor/hooks/after-file-edit.js",
|
|
"event": "afterFileEdit",
|
|
"description": "Auto-format, TypeScript check, console.log warning"
|
|
}
|
|
],
|
|
"beforeMCPExecution": [
|
|
{
|
|
"command": "node .cursor/hooks/before-mcp-execution.js",
|
|
"event": "beforeMCPExecution",
|
|
"description": "MCP audit logging and untrusted server warning"
|
|
}
|
|
],
|
|
"afterMCPExecution": [
|
|
{
|
|
"command": "node .cursor/hooks/after-mcp-execution.js",
|
|
"event": "afterMCPExecution",
|
|
"description": "MCP result logging"
|
|
}
|
|
],
|
|
"beforeReadFile": [
|
|
{
|
|
"command": "node .cursor/hooks/before-read-file.js",
|
|
"event": "beforeReadFile",
|
|
"description": "Warn when reading sensitive files (.env, .key, .pem)"
|
|
}
|
|
],
|
|
"beforeSubmitPrompt": [
|
|
{
|
|
"command": "node .cursor/hooks/before-submit-prompt.js",
|
|
"event": "beforeSubmitPrompt",
|
|
"description": "Detect secrets in prompts (sk-, ghp_, AKIA patterns)"
|
|
}
|
|
],
|
|
"subagentStart": [
|
|
{
|
|
"command": "node .cursor/hooks/subagent-start.js",
|
|
"event": "subagentStart",
|
|
"description": "Log agent spawning for observability"
|
|
}
|
|
],
|
|
"subagentStop": [
|
|
{
|
|
"command": "node .cursor/hooks/subagent-stop.js",
|
|
"event": "subagentStop",
|
|
"description": "Log agent completion"
|
|
}
|
|
],
|
|
"beforeTabFileRead": [
|
|
{
|
|
"command": "node .cursor/hooks/before-tab-file-read.js",
|
|
"event": "beforeTabFileRead",
|
|
"description": "Block Tab from reading secrets (.env, .key, .pem, credentials)"
|
|
}
|
|
],
|
|
"afterTabFileEdit": [
|
|
{
|
|
"command": "node .cursor/hooks/after-tab-file-edit.js",
|
|
"event": "afterTabFileEdit",
|
|
"description": "Auto-format Tab edits"
|
|
}
|
|
],
|
|
"preCompact": [
|
|
{
|
|
"command": "node .cursor/hooks/pre-compact.js",
|
|
"event": "preCompact",
|
|
"description": "Save state before context compaction"
|
|
}
|
|
],
|
|
"stop": [
|
|
{
|
|
"command": "node .cursor/hooks/stop.js",
|
|
"event": "stop",
|
|
"description": "Console.log audit on all modified files"
|
|
}
|
|
]
|
|
}
|
|
}
|