feat: add 3 example hooks (destructive, secret, branch guard)#7
feat: add 3 example hooks (destructive, secret, branch guard)#7yurukusa wants to merge 1 commit intoGowayLee:mainfrom
Conversation
- destructive_guard.py — blocks rm -rf, git reset --hard (#36339) - secret_guard.py — blocks git add .env, credential files (#16561) - branch_guard.py — blocks push to main, force-push Each example demonstrates the create_context() + output.block() pattern. All born from real GitHub Issues with links.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a44a02b06d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| cmd = ctx.tool_input.get("command", "") | ||
|
|
||
| if re.search(r'\bgit\s+push\b.*\b(main|master)\b', cmd, re.I): | ||
| ctx.output.block(reason="Direct push to main/master branch") |
There was a problem hiding this comment.
output.block calls
PreToolUseOutput has no block() method, so ctx.output.block(...) raises AttributeError whenever a rule matches. That turns an intended deny into a hook crash (exit code 1/non-blocking), so commands like git push origin main are not actually denied. The same pattern appears across the three new examples and should use a supported PreToolUse API such as deny(...) or exit_block(...).
Useful? React with 👍 / 👎.
| Install: Add to PreToolUse hooks matching "Bash" in settings.json. | ||
|
|
||
| Born from: https://github.com/anthropics/claude-code/issues/36339 | ||
| (User lost entire C:\Users directory to rm -rf via NTFS junctions) |
There was a problem hiding this comment.
The docstring includes C:\Users as C:\Users text with a single backslash in source (C:\Users intended), and Python interprets \U as a Unicode escape starter, causing SyntaxError: truncated \UXXXXXXXX escape during parsing. Because this fails at import time, the example script cannot run at all until that path text is escaped (e.g., C:\\Users) or made raw.
Useful? React with 👍 / 👎.
1 participant
Summary
Adds an
examples/directory with 3 practical hooks demonstrating the cchooks SDK:destructive_guard.pysecret_guard.pybranch_guard.pyEach example uses the
create_context()+output.block()pattern from the SDK.Why
The README shows great API design but has no runnable examples users can copy. These fill that gap with real-world safety hooks born from actual GitHub Issues.
Test plan