keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/skills/hooks-control/SKILL.md
Parfii-bot f77c1b7fdc fix(v0.15.1): RED-1 CVE + typed-handoff + schema minItems 
Security hotfix — v0.15.1 Wave 1 fixes from 4-parallel audit.

RED-1 (CVE): KEI_DISABLED_HOOKS tokenized match — was `*all*`
substring-glob (trivially bypassable via "install", "wall-clock", etc.),
now exact-token split on comma/space. Patched in all 9 hooks:
no-hand-edit-agents, assemble-agents, assemble-validate, tomd-preread,
agent-fork-logger, site-wysiwyd-check, error-spike-detector,
milestone-commit-hook, session-end-dump.

RED-2 (observability): minimal profile whitelist now includes
agent-fork-logger and session-end-dump (ledger + trace paths) so
observability is not silently lost on minimal installs.

HIGH: review.json schema minItems:1 on findings — rejects empty
reviews; new Rust test review_schema_rejects_empty_findings.

HIGH: typed-handoff wire-up — produces_artifact declared at top
level on 5 manifests (kei-security-auditor, kei-validator,
kei-architect, kei-code-implementer, kei-critic); duplicate
per-handoff declarations removed.

MED: kei-artifact validate.rs gains warn_unsupported_keywords —
non-fatal stderr warning when schema uses keywords outside the
hand-rolled 2020-12 subset.

LOW: CI Node matrix dropped 18, now ['20','22'].

Doc drift: skills/hooks-control/SKILL.md reflects tokenized-match
semantics and updated minimal-profile hook list.

Tests: 191 Rust workspace + 30 assembler (both pass). RED-1
reproducer 10/10 (4 former-CVE vectors blocked, 5 legit vectors
accepted, empty passes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:08:51 +08:00

4.5 KiB
Raw Blame History

name description argument-hint
hooks-control Runtime enable/disable of KeiSeiKit hooks via env vars (v0.15.1). Click-only wizard that emits shell `export` / `unset` commands for the user to paste. Supports per-hook disable, profile switch (full / advisory-off / minimal / off), or full re-enable. Does NOT execute anything — user controls their shell. (none — fully click-driven)

Hooks Control — Runtime Hook Enable/Disable

Click-only wizard. Helps you toggle KeiSeiKit hooks for the current shell session via env vars, without editing ~/.claude/settings.json. The skill emits shell commands; it NEVER runs them.

Two env vars are honoured by every kit-shipped hook (v0.15.1+):

Var Meaning
KEI_DISABLED_HOOKS Comma- or space-list of hook base names (no .sh). Matching is tokenized exact-match (v0.15.1 fix — earlier versions used substring-glob, which let foo-all-bar disable every hook). The literal all token still disables every hook.
KEI_HOOK_PROFILE One of full (default), advisory-off, minimal, off.
Profile What stays on
full (default) Every hook
advisory-off Disables pure-stderr advisories: recurrence-suggest, citation-verify, error-spike-detector, milestone-commit-hook.
minimal Only the four kit-shipped hooks needed for structural integrity or observability: no-hand-edit-agents, assemble-validate, agent-fork-logger, session-end-dump. User-global safety hooks (no-github-push, secrets-guard, genesis-leak-guard, git-pre-commit-genesis) are not shipped by the kit but are respected when present in ~/.claude/hooks/.
off Every hook off (escape hatch — use when debugging hook interactions).

Pipeline (one phase, up to 2 AskUserQuestion batches)

Phase 1 — Show state + pick action

Print current state:

Current KEI_DISABLED_HOOKS: <value or "(unset)">
Current KEI_HOOK_PROFILE:   <value or "full (default)">
Active kit-shipped hooks:   <list of 9 minus disabled set>

AskUserQuestionWhat do you want to do?

  1. Disable specific hook(s) — this shell session only
  2. Switch profile — full / advisory-off / minimal / off
  3. Re-enable everything — clear both env vars
  4. Show state only — emit no commands

Phase 2a — Hook multi-select (if picked 1)

AskUserQuestion multi-select over the 9 kit-shipped hook names: assemble-agents, assemble-validate, no-hand-edit-agents, tomd-preread, agent-fork-logger, site-wysiwyd-check, error-spike-detector, milestone-commit-hook, session-end-dump.

Emit:

# Disable selected hooks for this shell session:
export KEI_DISABLED_HOOKS=<comma-joined-names>

For persistence, tell the user to paste into ~/.zshrc / ~/.bashrc by hand. Do NOT edit rc files.

Phase 2b — Profile picker (if picked 2)

AskUserQuestion over full / advisory-off / minimal / off. Emit:

# Switch profile for this shell session:
export KEI_HOOK_PROFILE=<choice>

Phase 2c — Re-enable everything (if picked 3)

Emit directly (no further question):

# Clear all runtime hook overrides (back to full / everything on):
unset KEI_DISABLED_HOOKS KEI_HOOK_PROFILE

Phase 2d — State only (if picked 4)

Stop after the state block.

Rules

  • Click-only. Every decision is AskUserQuestion. No free-text.
  • Never execute. The skill prints shell commands as code blocks; the user runs them. Any export from a tool call would evaporate at skill exit — the shell running hooks is a subshell.
  • No rc edits. If the user wants persistence, we say "paste into your shell rc". The skill MUST NOT modify ~/.zshrc / ~/.bashrc.
  • RULE 0.4 — no invented hook names. Only the 9 names in Phase 2a are valid choices. Never suggest a name not in the kit.
  • RULE -1 — NO DOWNGRADE. If the user asks "can I silence all safety hooks?", present tradeoffs; point at KEI_HOOK_PROFILE=off with a warning that patent-IP and generated-file protections also go down.

Final report

=== HOOKS-CONTROL REPORT ===
Action:     <picked option>
Commands:   <N lines emitted>
Scope:      current shell session (unless pasted into rc)
Verify:     `env | grep KEI_` after pasting
Undo:       unset KEI_DISABLED_HOOKS KEI_HOOK_PROFILE

References

  • hooks/*.sh — each kit hook sources the v0.15.1 runtime-controls block
  • README.md → "Runtime hook controls" section
  • ~/.claude/rules/recurrence-escalate.md — severity ladder notes that hooks can be silenced at runtime, no rule deletion required