PreToolUse hook that reviews proposed writes to MCP configuration files and blocks inline credential values, credential-bearing URLs, and broad filesystem roots before they are saved.

PreToolUse hook that blocks edits adding remote MCP server URLs unless their host appears in an explicit allowlist, reducing accidental connection to unreviewed OAuth, SSE, or Streamable HTTP MCP endpoints.

PreToolUse hook that reviews proposed Bash commands for package, installer, and archive downloads, then blocks curl or wget download commands that do not include an adjacent checksum or signature verification step.

Read-only Claude Code Stop hook that checks the current GitHub pull request title against a Conventional Commits style pattern before the session ends, then falls back to the latest commit subject when no PR title is available.

PreToolUse hook that scans proposed writes to prompt, agent, rule, markdown, and context files for common prompt-injection phrases before the content is saved into an AI-readable surface.

PostToolUse hook that compares a just-edited OpenAPI or JSON Schema document against the version committed in git and warns about backward-incompatible drift — removed OpenAPI paths and removed required properties — so breaking API changes are surfaced before they ship. Advisory only; it never blocks the edit.

Read-only Claude Code PostToolUse hook that runs Biome's formatter, linter, and import-sorting checks on edited JavaScript, TypeScript, JSON, CSS, and GraphQL files without auto-writing changes.

Read-only Claude Code PostToolUse hook that checks edited Cloudflare Wrangler config files for required Worker fields, environment inheritance traps, secret-like vars, deprecated Workers Sites usage, and source-of-truth drift before Claude continues.

PreToolUse hook that inspects a database migration before it is written and blocks irreversible or lock-heavy operations — DROP TABLE/COLUMN, TRUNCATE, table/column RENAME, and CREATE INDEX without CONCURRENTLY — following the strong_migrations safe-migration checks. An explicit acknowledgement comment lets an intentional change through, so risky schema edits are a deliberate choice rather than an accident.

Read-only Claude Code PostToolUse hook that runs Hadolint diagnostics after Claude writes or edits Dockerfile-like files, surfacing Dockerfile best practice, inline shell, trusted registry, label, and configuration findings without rewriting files.

PostToolUse hook that flags two review hazards as Claude writes files: edits to generated or vendored artifacts (lockfiles, minified bundles, source maps, dist/build output, snapshots, protobuf output) and oversized diffs that change more lines than a configurable threshold versus the committed version. It keeps machine-generated churn and unreviewably large changes out of commits.

PostToolUse hook that inspects an edited npm package-lock.json for supply-chain provenance risk rather than known CVEs — dependencies resolved from outside the public npm registry (git, alternate-registry, or insecure transports) and registry tarballs missing an integrity hash. It mirrors the lockfile-lint provenance checks so a tampered or unexpected dependency source is caught at edit time. Advisory only; it never installs or runs anything.

PostToolUse hook that watches dependency manifest and lockfile edits, then prompts or runs an OSS Review Toolkit dependency license analysis.

PreToolUse hook that scans the exact text Claude Code is about to write or edit for high-confidence secret formats (AWS access keys, GitHub tokens, OpenAI keys, Slack tokens, Google API keys, Stripe keys, and private key blocks) and blocks the write with a non-zero exit before the secret ever reaches disk. Pattern set mirrors the canonical gitleaks rules.

PostToolUse hook that keeps a project's README in sync with the code. When the README or package.json is edited it checks for the standard-readme core sections (Install and Usage) and verifies that every CLI command the package exposes through its package.json bin field is actually documented, so the README does not drift out of date as the project changes. Advisory only; it never edits files.

PostToolUse hook that catches unintended UI changes by pixel-diffing a just-saved screenshot against its baseline with odiff. When a PNG lands in a screenshots or snapshots directory, the hook finds the matching baseline, compares the two images, writes a diff image when they differ, and reports the pixel-difference summary so a visual regression is surfaced the moment the screenshot is updated. Advisory only; it never overwrites the screenshot or the baseline.

Read-only Claude Code PostToolUse hook that runs ShellCheck diagnostics after Claude writes or edits shell scripts, reporting shell portability, quoting, expansion, error-handling, and command-safety issues without modifying files.

Read-only Claude Code PostToolUse hook that runs shfmt diff checks after Claude writes or edits shell scripts, surfacing POSIX shell, Bash, Zsh, and mksh formatting drift without rewriting files or executing scripts.

SessionStart hook that prints a daily Claude Code retro at the top of every session — competency grade (0–100, A–F), 14-day efficiency sparklines, and a year-long contributions heatmap.

Monitors and logs database query performance metrics with slow query detection, N+1 analysis, and optimization suggestions using PostgreSQL pg_stat_statements, Prisma query logging, Sequelize query logging, TypeORM query logging, and Bullet N+1 detection patterns.

Automatically backs up changed files to cloud storage when Claude Code session ends using AWS S3, Google Cloud Storage, or rclone for universal cloud provider support.

Performs a comprehensive security audit of all dependencies when Claude Code session ends using npm audit (npm 10.x+), yarn audit (Yarn 4.x+), pip-audit 2.7.x+, safety, bundler-audit, and OWASP dep-scan.

Automatically rebuilds Docker containers when Dockerfile or docker-compose.yml files are modified. This PostToolUse hook triggers automatic Docker image rebuilding when Docker-related files (Dockerfile, docker-compose.yml, .dockerignore) are modified, providing real-time container synchronization during development.

Automatically commits all changes with a summary when Claude Code session ends.

Tracks all Claude Code activities in real-time and logs them for monitoring and debugging.

Scans for potential sensitive data exposure and alerts immediately.

Sends progress updates to Slack channel for team visibility on Claude activities.

Automatically compiles and validates Svelte components when they are modified.

Generates and sends a comprehensive summary email to the team when session ends.

Automatically runs terraform plan when .tf files are modified to preview infrastructure changes.