Production-tested hooks for automated quality enforcement and skill activation.
- Copy hooks to
~/.claude/hooks/:
mkdir -p ~/.claude/hooks
cp *.ts ~/.claude/hooks/- Copy skill rules to project:
mkdir -p .claude/skills
cp ../config/skill-rules.json .claude/skills/-
Merge
settings-example.jsoninto your~/.claude/settings.json -
Install dependencies:
npm install -g tsxPurpose: Blocks dangerous commands before execution
Blocks (Critical):
git push --force origin main- Force push to main branchrm -rf /- Recursive delete of root- Fork bombs, disk formatting
Warns:
git reset --hard- Hard reset (suggests stash first)--no-verify- Skipping git hookscurl | sh- Piping remote content to shellvercel --prod- Production deployments
Detects secrets in commands:
- AWS keys, GitHub tokens, API keys
- Passwords in command arguments
Purpose: Quality checks before git commit
Checks:
- Secret Scanning - Scans staged content for exposed secrets
- TypeScript - Runs
tsc --noEmit(30s timeout) - Conventional Commits - Validates commit message format
Behavior: Warns only, does NOT block commits (flexible mode)
Purpose: TypeScript validation after every file edit
Features:
- Runs after Edit, MultiEdit, Write on
.ts/.tsxfiles - Shows errors in edited file first, then count of others
- Finds project root (tsconfig.json) automatically
- 45s timeout, skips node_modules/test files
Behavior: Warns only, does NOT block edits
Purpose: Suggests Multi-LLM consultation for complex decisions
Detects keywords:
- Architecture: refactor, migrate, scaling, design pattern
- Review: security, vulnerability, audit, best practice
- Debug: error, bug, crash, undefined, not working
Behavior: Shows suggestion box, does NOT block
Purpose: Automatic skill activation based on prompt analysis
Reads: .claude/skills/skill-rules.json (see ../config/)
Output Format:
========================================
[!] SKILL ACTIVATION CHECK
========================================
[!!] CRITICAL SKILLS (REQUIRED):
-> code-quality-gate
[*] RECOMMENDED SKILLS:
-> strict-typescript-mode
[+] SUGGESTED SKILLS:
-> preview-testing
ACTION: Use Skill tool BEFORE responding
========================================
Enforcement Levels:
block(critical priority) → MUST invoke skillwarn(high priority) → Recommended, shows alertsuggest(medium/low) → Gentle hint
Behavior: Analyzes prompt, matches keywords/intent patterns, outputs skill suggestions
User types prompt
↓
UserPromptSubmit → skill-activation-prompt.ts (suggests skills based on keywords)
→ multi-llm-advisor-hook.ts (suggests LLM help)
↓
Claude generates Bash command
↓
PreToolUse → security-scan.ts (blocks dangerous commands)
→ pre-commit-quality.ts (checks before commit)
↓
Command executes
↓
Claude generates Edit/Write
↓
PostToolUse → post-edit-tsc-check.ts (TypeScript validation)
See settings-example.json for the full configuration.
Key settings:
matcher: "Bash"- Only triggers on Bash toolmatcher: "Edit|MultiEdit|Write"- Triggers on file modificationsmatcher: ".*"- Triggers on all prompts
const BLOCKED_PATTERNS = [
// Add your pattern
{
pattern: /your-dangerous-pattern/i,
type: 'CUSTOM_BLOCK',
message: 'Description of the danger'
},
];const SECRET_PATTERNS = [
// Add your pattern
{
name: 'Custom Secret',
pattern: /your-secret-pattern/g
},
];Hook not running:
- Check
~/.claude/settings.jsonsyntax - Ensure
tsxis installed globally - Check file permissions
TypeScript check too slow:
- Increase timeout in hook (default: 30-45s)
- Check if
tsconfig.jsonincludes too many files
False positives in secret scanning:
- Add pattern to
WHITELIST_PATTERNSarray