Install command
Provided
A PostToolUse hook that watches for edits to Docker-related files (Dockerfile, docker-compose, .dockerfile, .dockerignore).
Open the source and read safety notes before installing.
Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.
Decision playbook
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
0
78
—
No baseline selected
No major trust-signal divergence detected in the current selection.
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Source provenance statusRequired
Marked as source-backed.
Metadata reviewed
Registry metadata indicates a reviewed listing.
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Trust level risk gateRequired
Trust level does not block evaluation.
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Package verification flag
No package verification flag provided.
Checksum metadata
No checksum provided for downloaded artifact.
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
Baseline comparison available
No baseline peer selected yet.
Diverging trust signals identified
No major trust-signal divergence found.
Setup at a glance
Copy-ready — paste the snippet to get started.
Install command
Provided
Config snippet
Provided
Copy snippet
Provided
Prerequisites
None
Platforms
1 listed
Difficulty
0/100
Adoption plan
Current risk score 16/100. Use staged verification before broader rollout.
Validate source and review signals before any execution.
Confirm source provenanceRequired
Source URL/provenance metadata is present.
Confirm metadata review state
Listing has review metadata.
Verify install payload
Install/config payload exists and can be inspected.
Confirm safety, privacy, and package integrity signals.
Review safety notesRequired
Safety notes are present.
Review privacy notesRequired
Privacy notes are present.
Verify package integrity metadata
No package verification/checksum metadata.
Adopt in controlled steps based on the selected plan.
Run in isolated sandbox firstRequired
Use a constrained sandbox and observe behavior across multiple tasks.
Roll out graduallyRequired
Roll out to a small cohort before wider usage.
Set monitoring and fallback
Define rollback path and monitor errors after adoption.
Evidence readiness
Required evidence gates are covered (5/6 signals complete).
Source repository/provenance is listed.
Required in this preset
Review metadata is present.
Required in this preset
Safety notes are present.
Required in this preset
Privacy notes are present.
Optional in this preset
Package integrity metadata is missing.
Optional in this preset
Install payload is available.
Required in this preset
Required evidence gates are covered for this preset.
Decision timeline
5/6 steps complete with no blocking gaps for this preset.
triage
Source/provenance metadata is available.
triage
Review metadata is available.
verify
Safety notes are available.
verify
Privacy notes are available.
verify
Package integrity metadata is missing.
rollout
Install payload is available.
No required blockers for this timeline preset.
Safety & privacy surface
3 safety and 3 privacy notes across 3 risk areas. Review closely: network access.
#!/usr/bin/env bash
# Read the tool input from stdin
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [ -z "$FILE_PATH" ]; then
exit 0
fi
# Check if it's a Docker-related file
if [[ "$FILE_PATH" == *Dockerfile* ]] || [[ "$FILE_PATH" == *docker-compose* ]] || [[ "$FILE_PATH" == *.dockerfile ]] || [[ "$FILE_PATH" == *dockerignore* ]]; then
echo "🐳 Docker file detected: $FILE_PATH" >&2
# Check if Docker is available
if ! command -v docker &> /dev/null; then
echo "⚠️ Docker not found - install Docker to enable auto-rebuild" >&2
exit 0
fi
# Check if Docker daemon is running
if ! docker info &> /dev/null; then
echo "⚠️ Docker daemon not running - start Docker to enable auto-rebuild" >&2
exit 0
fi
# Handle different Docker file types
if [[ "$FILE_PATH" == *Dockerfile* ]] || [[ "$FILE_PATH" == *.dockerfile ]]; then
echo "🔨 Dockerfile modified - rebuilding Docker image..." >&2
# Determine image name (use directory name by default)
IMAGE_NAME=$(basename "$(pwd)"):latest
# Check if there's a specific Dockerfile path
DOCKERFILE_DIR=$(dirname "$FILE_PATH")
echo "📦 Building image: $IMAGE_NAME" >&2
echo "📁 Build context: $DOCKERFILE_DIR" >&2
# Build the Docker image
if docker build -t "$IMAGE_NAME" "$DOCKERFILE_DIR" 2>&1; then
echo "✅ Docker image '$IMAGE_NAME' rebuilt successfully" >&2
# Show image details
IMAGE_ID=$(docker images -q "$IMAGE_NAME" | head -1)
if [ -n "$IMAGE_ID" ]; then
IMAGE_SIZE=$(docker images "$IMAGE_NAME" --format "table {{.Size}}" | tail -1)
echo "📊 Image ID: $IMAGE_ID, Size: $IMAGE_SIZE" >&2
fi
else
echo "❌ Docker image build failed" >&2
exit 1
fi
elif [[ "$FILE_PATH" == *docker-compose* ]]; then
echo "🔨 Docker Compose file modified - rebuilding services..." >&2
COMPOSE_FILE=$(basename "$FILE_PATH")
COMPOSE_DIR=$(dirname "$FILE_PATH")
echo "📁 Compose file: $COMPOSE_FILE" >&2
echo "📁 Working directory: $COMPOSE_DIR" >&2
# Change to the directory containing the compose file
cd "$COMPOSE_DIR" || exit 1
# Check if docker-compose or docker compose is available
if command -v docker-compose &> /dev/null; then
COMPOSE_CMD="docker-compose"
elif docker compose version &> /dev/null; then
COMPOSE_CMD="docker compose"
else
echo "⚠️ Neither docker-compose nor 'docker compose' found" >&2
exit 0
fi
# Build the services
echo "🔧 Using: $COMPOSE_CMD" >&2
if $COMPOSE_CMD -f "$COMPOSE_FILE" build 2>&1; then
echo "✅ Docker Compose services rebuilt successfully" >&2
# Show service status
echo "📊 Service status:" >&2
$COMPOSE_CMD -f "$COMPOSE_FILE" ps --format "table {{.Service}}\t{{.Status}}" 2>/dev/null || true
else
echo "❌ Docker Compose build failed" >&2
exit 1
fi
elif [[ "$FILE_PATH" == *dockerignore* ]]; then
echo "📝 .dockerignore file modified" >&2
echo "💡 This will affect the next Docker build by excluding specified files" >&2
# Show dockerignore contents for reference
if [ -f "$FILE_PATH" ]; then
echo "📋 Current .dockerignore rules:" >&2
head -10 "$FILE_PATH" >&2
fi
fi
# General Docker tips
echo "" >&2
echo "💡 Docker Development Tips:" >&2
echo " • Use .dockerignore to exclude unnecessary files" >&2
echo " • Consider multi-stage builds for smaller images" >&2
echo " • Use docker system prune to clean up unused resources" >&2
else
echo "File $FILE_PATH is not a Docker-related file, skipping rebuild" >&2
fi
exit 0{
"hooks": {
"postToolUse": {
"script": "./.claude/hooks/docker-container-auto-rebuild.sh",
"matchers": [
"write",
"edit"
]
}
}
}.claude/settings.local.json~/.claude/settings.json.claude/settings.json{
"hooks": {
"postToolUse": {
"script": "./.claude/hooks/docker-container-auto-rebuild.sh",
"matchers": ["write", "edit"]
}
}
}
#!/usr/bin/env bash
# Read the tool input from stdin
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name')
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [ -z "$FILE_PATH" ]; then
exit 0
fi
# Check if it's a Docker-related file
if [[ "$FILE_PATH" == *Dockerfile* ]] || [[ "$FILE_PATH" == *docker-compose* ]] || [[ "$FILE_PATH" == *.dockerfile ]] || [[ "$FILE_PATH" == *dockerignore* ]]; then
echo "🐳 Docker file detected: $FILE_PATH" >&2
# Check if Docker is available
if ! command -v docker &> /dev/null; then
echo "⚠️ Docker not found - install Docker to enable auto-rebuild" >&2
exit 0
fi
# Check if Docker daemon is running
if ! docker info &> /dev/null; then
echo "⚠️ Docker daemon not running - start Docker to enable auto-rebuild" >&2
exit 0
fi
# Handle different Docker file types
if [[ "$FILE_PATH" == *Dockerfile* ]] || [[ "$FILE_PATH" == *.dockerfile ]]; then
echo "🔨 Dockerfile modified - rebuilding Docker image..." >&2
# Determine image name (use directory name by default)
IMAGE_NAME=$(basename "$(pwd)"):latest
# Check if there's a specific Dockerfile path
DOCKERFILE_DIR=$(dirname "$FILE_PATH")
echo "📦 Building image: $IMAGE_NAME" >&2
echo "📁 Build context: $DOCKERFILE_DIR" >&2
# Build the Docker image
if docker build -t "$IMAGE_NAME" "$DOCKERFILE_DIR" 2>&1; then
echo "✅ Docker image '$IMAGE_NAME' rebuilt successfully" >&2
# Show image details
IMAGE_ID=$(docker images -q "$IMAGE_NAME" | head -1)
if [ -n "$IMAGE_ID" ]; then
IMAGE_SIZE=$(docker images "$IMAGE_NAME" --format "table {{.Size}}" | tail -1)
echo "📊 Image ID: $IMAGE_ID, Size: $IMAGE_SIZE" >&2
fi
else
echo "❌ Docker image build failed" >&2
exit 1
fi
elif [[ "$FILE_PATH" == *docker-compose* ]]; then
echo "🔨 Docker Compose file modified - rebuilding services..." >&2
COMPOSE_FILE=$(basename "$FILE_PATH")
COMPOSE_DIR=$(dirname "$FILE_PATH")
echo "📁 Compose file: $COMPOSE_FILE" >&2
echo "📁 Working directory: $COMPOSE_DIR" >&2
# Change to the directory containing the compose file
cd "$COMPOSE_DIR" || exit 1
# Check if docker-compose or docker compose is available
if command -v docker-compose &> /dev/null; then
COMPOSE_CMD="docker-compose"
elif docker compose version &> /dev/null; then
COMPOSE_CMD="docker compose"
else
echo "⚠️ Neither docker-compose nor 'docker compose' found" >&2
exit 0
fi
# Build the services
echo "🔧 Using: $COMPOSE_CMD" >&2
if $COMPOSE_CMD -f "$COMPOSE_FILE" build 2>&1; then
echo "✅ Docker Compose services rebuilt successfully" >&2
# Show service status
echo "📊 Service status:" >&2
$COMPOSE_CMD -f "$COMPOSE_FILE" ps --format "table {{.Service}}\t{{.Status}}" 2>/dev/null || true
else
echo "❌ Docker Compose build failed" >&2
exit 1
fi
elif [[ "$FILE_PATH" == *dockerignore* ]]; then
echo "📝 .dockerignore file modified" >&2
echo "💡 This will affect the next Docker build by excluding specified files" >&2
# Show dockerignore contents for reference
if [ -f "$FILE_PATH" ]; then
echo "📋 Current .dockerignore rules:" >&2
head -10 "$FILE_PATH" >&2
fi
fi
# General Docker tips
echo "" >&2
echo "💡 Docker Development Tips:" >&2
echo " • Use .dockerignore to exclude unnecessary files" >&2
echo " • Consider multi-stage builds for smaller images" >&2
echo " • Use docker system prune to clean up unused resources" >&2
else
echo "File $FILE_PATH is not a Docker-related file, skipping rebuild" >&2
fi
exit 0
Complete hook script that automatically rebuilds Docker containers when Dockerfiles are modified
#!/usr/bin/env bash
INPUT=$(cat)
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [ -z "$FILE_PATH" ]; then
exit 0
fi
if [[ "$FILE_PATH" == *Dockerfile* ]] || [[ "$FILE_PATH" == *docker-compose* ]]; then
echo "Docker file detected: $FILE_PATH" >&2
if ! command -v docker &> /dev/null; then
echo "Docker not found - install Docker to enable auto-rebuild" >&2
exit 0
fi
if ! docker info &> /dev/null; then
echo "Docker daemon not running - start Docker to enable auto-rebuild" >&2
exit 0
fi
if [[ "$FILE_PATH" == *Dockerfile* ]]; then
echo "Dockerfile modified - rebuilding Docker image..." >&2
IMAGE_NAME=$(basename "$(pwd)"):latest
DOCKERFILE_DIR=$(dirname "$FILE_PATH")
export DOCKER_BUILDKIT=1
if docker build -t "$IMAGE_NAME" -f "$FILE_PATH" "$DOCKERFILE_DIR" 2>&1; then
echo "Docker image '$IMAGE_NAME' rebuilt successfully" >&2
else
echo "Docker image build failed" >&2
exit 1
fi
fi
fi
exit 0
Complete hook configuration for .claude/settings.json to enable automatic Docker container rebuilding
{
"hooks": {
"postToolUse": {
"script": "./.claude/hooks/docker-container-auto-rebuild.sh",
"matchers": ["write", "edit"]
}
}
}
Enhanced hook script for Docker Compose v2 with BuildKit support and --no-cache flag
#!/usr/bin/env bash
INPUT=$(cat)
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [[ "$FILE_PATH" == *docker-compose* ]]; then
if command -v docker &> /dev/null && docker info &> /dev/null; then
if docker compose version &> /dev/null; then
COMPOSE_CMD="docker compose"
elif command -v docker-compose &> /dev/null; then
COMPOSE_CMD="docker-compose"
else
echo "Neither docker-compose nor docker compose found" >&2
exit 0
fi
COMPOSE_FILE=$(basename "$FILE_PATH")
COMPOSE_DIR=$(dirname "$FILE_PATH")
cd "$COMPOSE_DIR" || exit 1
echo "Rebuilding Docker Compose services..." >&2
if $COMPOSE_CMD -f "$COMPOSE_FILE" build --no-cache 2>&1; then
echo "Docker Compose services rebuilt successfully" >&2
else
echo "Docker Compose build failed" >&2
exit 1
fi
fi
fi
exit 0
Enhanced hook script with BuildKit support and detailed build progress reporting
#!/usr/bin/env bash
INPUT=$(cat)
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [[ "$FILE_PATH" == *Dockerfile* ]]; then
if command -v docker &> /dev/null && docker info &> /dev/null; then
export DOCKER_BUILDKIT=1
IMAGE_NAME=$(basename "$(pwd)"):latest
DOCKERFILE_DIR=$(dirname "$FILE_PATH")
DOCKERFILE_NAME=$(basename "$FILE_PATH")
echo "Building with BuildKit: $IMAGE_NAME" >&2
if docker build -t "$IMAGE_NAME" -f "$FILE_PATH" "$DOCKERFILE_DIR" --progress=plain 2>&1; then
IMAGE_ID=$(docker images -q "$IMAGE_NAME" | head -1)
IMAGE_SIZE=$(docker images "$IMAGE_NAME" --format "{{.Size}}" | head -1)
echo "Image rebuilt: $IMAGE_ID, Size: $IMAGE_SIZE" >&2
else
echo "Docker build failed" >&2
exit 1
fi
fi
fi
exit 0
Enhanced hook script that triggers rebuild when .dockerignore is modified
#!/usr/bin/env bash
INPUT=$(cat)
FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
if [[ "$FILE_PATH" == *.dockerignore* ]]; then
if command -v docker &> /dev/null && docker info &> /dev/null; then
echo ".dockerignore file modified" >&2
echo "This will affect the next Docker build by excluding specified files" >&2
if [ -f "$FILE_PATH" ]; then
echo "Current .dockerignore rules:" >&2
head -10 "$FILE_PATH" >&2
fi
DOCKERFILE_DIR=$(dirname "$FILE_PATH")
DOCKERFILE="$DOCKERFILE_DIR/Dockerfile"
if [ -f "$DOCKERFILE" ]; then
echo "Triggering rebuild for associated Dockerfile..." >&2
export DOCKER_BUILDKIT=1
IMAGE_NAME=$(basename "$(pwd)"):latest
docker build -t "$IMAGE_NAME" -f "$DOCKERFILE" "$DOCKERFILE_DIR" 2>&1 || echo "Build failed or skipped" >&2
fi
fi
fi
exit 0
Verify Docker socket accessibility with docker info command. Restart Docker daemon or add user to docker group on Linux: sudo usermod -aG docker $USER then log out and back in. Check Docker Desktop is running and Docker socket is accessible: docker ps.
Specify Dockerfile path explicitly using docker build -f $FILE_PATH instead of relying on directory context. Detect Dockerfile name pattern and use as -f argument for targeted builds. Use absolute paths for Dockerfile specification to avoid ambiguity.
Add --no-cache flag to force clean rebuild: docker compose build --no-cache. Stop running containers first with docker compose down before rebuild to prevent port and resource conflicts. Check service dependencies in docker-compose.yml for circular dependencies.
Ensure .dockerignore is in same directory as Dockerfile being built. Docker reads .dockerignore from build context root, not from Dockerfile directory if using -f flag with different path. Verify .dockerignore location matches build context root directory.
Verify Docker build cache invalidation by checking layer hashes in build output. Add COPY instruction for modified files or use docker build --pull --no-cache to force complete rebuild without cache. Check if BuildKit cache is interfering: DOCKER_BUILDKIT=0 docker build.
Verify Docker Compose v2 installation: docker compose version. Check Docker Engine version is 20.10.13+ for native compose support. Use docker compose instead of docker-compose for v2. Verify PATH includes Docker binary location.
Ensure BuildKit is enabled: export DOCKER_BUILDKIT=1. Check Docker Engine version supports BuildKit (20.10+). Verify cache mount syntax in Dockerfile is correct. Use --progress=plain for detailed BuildKit error messages.
Detect all compose files in project: find . -name docker-compose*.yml. Use -f flag to specify compose file explicitly: docker compose -f docker-compose.dev.yml build. Support multiple compose files: docker compose -f docker-compose.yml -f docker-compose.override.yml build.
Show that Docker Container Auto Rebuild - Hooks is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/hooks/docker-container-auto-rebuild)Docker Container Auto Rebuild - Hooks side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | A PostToolUse hook that watches for edits to Docker-related files (Dockerfile, docker-compose, .dockerfile, .dockerignore). Open dossier | Comprehensive Docker image vulnerability scanning with layer analysis, base image recommendations, and security best practices enforcement. This PostToolUse hook automatically scans Docker images for vulnerabilities when Dockerfiles are modified, providing real-time security validation during development. Open dossier | Automatically creates timestamped backups of files before modification to prevent data loss. This hook runs before file editing operations (Edit, Write, Multiedit) and creates versioned backups in a centralized .backups directory with ISO 8601-compliant timestamps including nanoseconds for collision prevention. Open dossier | Validates Kubernetes YAML manifests for syntax and best practices when modified. Open dossier |
|---|---|---|---|---|
| Next steps | ||||
| Trust | ||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified | Package not verified |
| Source provenance | Source-backed | Source-backed | Source-backed | Source-backed |
| Submitter | — | — | — | — |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | |||
| Category | hooks | hooks | hooks | hooks |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | JSONbored | JSONbored | JSONbored | JSONbored |
| Added | 2025-09-19 | 2025-10-19 | 2025-09-19 | 2025-09-19 |
| Platforms | Claude Code | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | ✓Runs automatically after write or edit activity on Dockerfile, docker-compose, dockerfile, and dockerignore paths. Invokes docker build or docker compose build and can consume CPU, disk, network, and local Docker daemon resources. Uses the Dockerfile directory or compose-file directory as the build context, so incorrect paths can include more files than expected. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. | ✓Runs automatically on its configured Claude Code hook event and executes shell logic that can read, modify, or delete files in your project (and may run builds, installs, or network calls); review the script and scope it to expected paths before enabling. |
| Privacy notes | ✓Reads Docker-related files and may send build context files to the local Docker daemon during image builds. Build logs may reveal image names, service names, dependency URLs, and package-install output. Prints the first lines of .dockerignore files to local hook output when those files are edited. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. | ✓Receives Claude Code hook input (session metadata, file paths, and tool output) and reads local project files; review what the script logs or forwards to external services and keep credentials out of its output. |
| Prerequisites | — none listed | — none listed | — none listed | — none listed |
| Install | | | | |
| Config | | | | |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Source-backed guides for putting this to work.
Set autoMode.hard_deny rules to block risky actions in auto mode.
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.