4afc85ca30
Hook chain repairs (Group A):
- alignment-check.sh: read .prompt (was .user_prompt) — hook was dead
- block-dangerous.sh: jq instead of inline interpreter (RULE 0.2 + fail-open fix)
- destructive-guard.sh: explicit INPUT=cat + jq guard + exit 0 — was silent no-op
- numeric-claims-guard.sh: exit 1 -> exit 2 (Claude Code spec — was non-blocking)
comments updated 0.17 -> 0.18 (env var name kept)
- no-downgrade.sh: removed (?i) PCRE syntax — POSIX ERE matched literal text
- task-timer.sh: jq -nc instead of bare printf — JSON injection on quotes/backslashes
in description was corrupting RULE 0.18 evidence journal
- check-error-patterns.sh: replaced with no-op stub — had hardcoded /Users/denis/...
PATH LEAK in public kit, plus inline interpreter use
- post-commit-audit.sh: added trailing exit 0 — grep return code was hook exit code
- citation-verify.sh: ALLOW_REGEX accepts HOOK-BYPASS marker — bypass was documented
but never matched
- settings-snippet.json: agent-stub-scan moved PreToolUse:Agent -> PostToolUse:Agent
(RULE 0.16 enforcement was firing before transcript existed)
- check-error-patterns hook removed from settings-snippet.json
New defensive hooks (Group H):
- no-github-push.sh: PreToolUse:Bash hard deny on github.com push/create/sync/remote-add
(RULE 0.1 — patent IP protection; was missing from public kit)
- secrets-pre-guard.sh: PreToolUse:Edit|Write — token-pattern scan with allowlist (RULE 0.8)
- chat-numeric-prewarn.sh: UserPromptSubmit reminder when prompt mentions time/cost
(RULE 0.18 chat extension)
- chat-numeric-postflag.sh: Stop event scans last assistant message for naked numerics
without REAL/FROM-JOURNAL/ESTIMATE-HTC markers
Source: full Sonnet test-retest audit 2026-05-02 (3 parallel waves of 6 agents each)
identified hook chain bugs as HIGH severity in all 3 runs independently.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
17 lines
799 B
Bash
Executable file
17 lines
799 B
Bash
Executable file
#!/bin/bash
|
|
# PostToolUse hook: after git commit, remind about double audit
|
|
CMD=$(cat | jq -r '.tool_input.command // empty' 2>/dev/null)
|
|
|
|
if echo "$CMD" | grep -qE 'git\s+commit'; then
|
|
echo ""
|
|
echo "═══════════════════════════════════════════════════"
|
|
echo " DOUBLE AUDIT REQUIRED (rules/double-audit.md)"
|
|
echo " Phase 1: review all changes (git diff)"
|
|
echo " Phase 2: verify Phase 1 findings"
|
|
echo " Phase 3: report to user BEFORE any fixes"
|
|
echo " DO NOT fix anything without user approval"
|
|
echo "═══════════════════════════════════════════════════"
|
|
echo ""
|
|
fi
|
|
|
|
exit 0
|