Patched fork of the official hookify plugin with bug fixes and enhancements.
Bug fixes:
- Claude can now see hook messages via
additionalContext(upstream issue #282) - Disabled rules are checked in rule engine (defense in depth)
Enhancements:
hook: pre/postfield to target only PreToolUse or PostToolUsemessage_userfield for separate user-facing alerts (body goes to Claude)
See commit history for details. These changes may be submitted upstream via issue #282.
/plugin marketplace add villeodell/cc-hookify-patched
/plugin install hookify-patched@cc-hookify-patched
git clone https://github.com/villeodell/cc-hookify-patched.git/plugin marketplace add /path/to/cc-hookify-patched
/plugin install hookify-patched@cc-hookify-patched
claude --plugin-dir /path/to/cc-hookify-patchedNote: --plugin-dir must be specified each time you launch Claude Code.
For the official (unpatched) hookify, use the Claude Code Marketplace.
The hookify plugin makes it simple to create hooks without editing complex hooks.json files. Instead, you create lightweight markdown configuration files that define patterns to watch for and messages to show when those patterns match.
Key features:
- 🎯 Analyze conversations to find unwanted behaviors automatically
- 📝 Simple markdown configuration files with YAML frontmatter
- 🔍 Regex pattern matching for powerful rules
- 🚀 No coding required - just describe the behavior
- 🔄 Easy enable/disable without restarting
/hookify Warn me when I use rm -rf commandsThis analyzes your request and creates .claude/hookify.warn-rm.local.md.
No restart needed! Rules take effect on the very next tool use.
Ask Claude to run a command that should trigger the rule:
Run rm -rf /tmp/test
You should see the warning message immediately!
With arguments:
/hookify Don't use console.log in TypeScript files
Creates a rule from your explicit instructions.
Without arguments:
/hookify
Analyzes recent conversation to find behaviors you've corrected or been frustrated by.
List all rules:
/hookify:list
Configure rules interactively:
/hookify:configure
Enable/disable existing rules through an interactive interface.
Get help:
/hookify:help
.claude/hookify.dangerous-rm.local.md:
---
name: block-dangerous-rm
enabled: true
event: bash
pattern: rm\s+-rf
action: block
---
⚠️ **Dangerous rm command detected!**
This command could delete important files. Please:
- Verify the path is correct
- Consider using a safer approach
- Make sure you have backupsAction field:
warn: Shows warning but allows operation (default)block: Prevents operation from executing (PreToolUse) or stops session (Stop events)
Hook field (optional):
pre: Only trigger on PreToolUse (before execution)post: Only trigger on PostToolUse (after execution)- Omit to trigger on both phases
Message handling:
- The markdown body is sent to Claude as guidance (via
additionalContext) - Add
message_userin frontmatter for a separate user-facing alert (viasystemMessage) - If
message_useris omitted, only Claude sees the message
.claude/hookify.sensitive-files.local.md:
---
name: warn-sensitive-files
enabled: true
event: file
action: warn
conditions:
- field: file_path
operator: regex_match
pattern: \.env$|credentials|secrets
- field: new_text
operator: contains
pattern: KEY
---
🔐 **Sensitive file edit detected!**
Ensure credentials are not hardcoded and file is in .gitignore.All conditions must match for the rule to trigger.
bash: Triggers on Bash tool commandsfile: Triggers on Edit, Write, MultiEdit toolsstop: Triggers when Claude wants to stop (for completion checks)prompt: Triggers on user prompt submissionall: Triggers on all events
Use Python regex syntax:
| Pattern | Matches | Example |
|---|---|---|
rm\s+-rf |
rm -rf | rm -rf /tmp |
console\.log\( |
console.log( | console.log("test") |
(eval|exec)\( |
eval( or exec( | eval("code") |
\.env$ |
files ending in .env | .env, .env.local |
chmod\s+777 |
chmod 777 | chmod 777 file.txt |
Tips:
- Use
\sfor whitespace - Escape special chars:
\.for literal dot - Use
|for OR:(foo|bar) - Use
.*to match anything - Set
action: blockfor dangerous operations - Set
action: warn(or omit) for informational warnings
---
name: block-destructive-ops
enabled: true
event: bash
pattern: rm\s+-rf|dd\s+if=|mkfs|format
action: block
---
🛑 **Destructive operation detected!**
This command can cause data loss. Operation blocked for safety.
Please verify the exact path and use a safer approach.This rule blocks the operation - Claude will not be allowed to execute these commands.
---
name: warn-debug-code
enabled: true
event: file
pattern: console\.log\(|debugger;|print\(
action: warn
---
🐛 **Debug code detected**
Remember to remove debugging statements before committing.This rule warns but allows - Claude sees the message but can still proceed.
---
name: git-commit-guidance
enabled: true
event: bash
hook: pre
pattern: git\s+add
message_user: "Checking commit readiness..."
---
Before staging files, verify:
- Tests pass for changed code
- Documentation is updated if needed
- No debug code or credentials in staged files
If any of these are missing, remind the user before they commit.The user sees a brief alert, while Claude receives detailed guidance on what to check.
---
name: require-tests-run
enabled: false
event: stop
action: block
conditions:
- field: transcript
operator: not_contains
pattern: npm test|pytest|cargo test
---
**Tests not detected in transcript!**
Before stopping, please run tests to verify your changes work correctly.This blocks Claude from stopping if no test commands appear in the session transcript. Enable only when you want strict enforcement.
Check multiple fields simultaneously:
---
name: api-key-in-typescript
enabled: true
event: file
conditions:
- field: file_path
operator: regex_match
pattern: \.tsx?$
- field: new_text
operator: regex_match
pattern: (API_KEY|SECRET|TOKEN)\s*=\s*["']
---
🔐 **Hardcoded credential in TypeScript!**
Use environment variables instead of hardcoded values.regex_match: Pattern must match (most common)contains: String must contain patternequals: Exact string matchnot_contains: String must NOT contain patternstarts_with: String starts with patternends_with: String ends with pattern
For bash events:
command: The bash command string
For file events:
file_path: Path to file being editednew_text: New content being added (Edit, Write)old_text: Old content being replaced (Edit only)content: File content (Write only)
For prompt events:
user_prompt: The user's submitted prompt text
For stop events:
- Use general matching on session state
Temporarily disable:
Edit the .local.md file and set enabled: false
Re-enable:
Set enabled: true
Or use interactive tool:
/hookify:configure
Simply delete the .local.md file:
rm .claude/hookify.my-rule.local.md/hookify:list
- Python 3.7+
- No external dependencies (uses stdlib only)
Rule not triggering:
- Check rule file exists in
.claude/directory (in project root, not plugin directory) - Verify
enabled: truein frontmatter - Test regex pattern separately
- Rules should work immediately - no restart needed
- Try
/hookify:listto see if rule is loaded
Import errors:
- Ensure Python 3 is available:
python3 --version - Check hookify plugin is installed
Pattern not matching:
- Test regex:
python3 -c "import re; print(re.search(r'pattern', 'text'))" - Use unquoted patterns in YAML to avoid escaping issues
- Start simple, then add complexity
Hook seems slow:
- Keep patterns simple (avoid complex regex)
- Use specific event types (bash, file) instead of "all"
- Limit number of active rules
Found a useful rule pattern? Consider sharing example files via PR!
- Severity levels (error/warning/info distinctions)
- Rule templates library
- Interactive pattern builder
- Hook testing utilities
- JSON format support (in addition to markdown)
MIT License