Fix Claude hook installation trust boundary#7
Merged
bob-codedaptive merged 1 commit intoJul 6, 2026
Merged
Conversation
Contributor
|
Thank you for your contribution to MOOTx01. Before it can be merged we need you to sign our Contributor License Agreement. You can read it here: CLA.md. To sign, post a comment on this pull request with exactly the following text: I have read the CLA Document and I hereby sign the CLA You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot. |
bob-codedaptive
pushed a commit
that referenced
this pull request
Jul 7, 2026
… monitoring parity #14: release.yml signing steps now require both startsWith(refs/tags/) AND github.event_name == 'push'. workflow_dispatch on a tag ref no longer triggers cert import, signing, or publishing. #13: candidate.yml validates version from Cargo.toml with strict semver regex before any shell interpolation (supply-chain guard). #5: candidate notarization steps guard APPLE_API_KEY_P8 presence before xcrun notarytool — missing secrets skip gracefully. #6: Swift InvertedIndexStore.remove() and deleteAll() now nil cachedPair + RAM mirrors immediately on destructive ops. Rust already nils cached on both paths. #1: Rust vault import response reports COMPLETE with actual stats instead of RUNNING (the Rust import is synchronous). #7: Rust monitoring migration recognizes "unknown" source — no longer re-enables monitoring for Swift-preserved opt-outs. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
settings.jsonwired lifecycle hooks to runpython3 "$CLAUDE_PROJECT_DIR/.claude/hooks/moot_hooks.py", which is safe only when the hook scripts are the trusted files shipped with the adapter and the settings are installed per-project; the README previously recommended copying the adapter into a user-level Claude config, which would allow a malicious project to supply and execute arbitrary hook code.Description
apps/moot-agent-skills/claude/README.mdto require installing hook settings only into a trusted repository root and to explicitly warn against installing.claude/settings.jsonin a user-level Claude configuration.$CLAUDE_PROJECT_DIR/.claude/hooksand that global installs would execute hook scripts supplied by the active project.CLAUDE.md, rules, skills, or commands) and that lifecycle hooks remain disabled until installed per trusted project."hooks"block only after trusting project contents.Testing
python3 -m py_compile apps/moot-agent-skills/claude/.claude/hooks/moot_hooks.py apps/moot-agent-skills/claude/.claude/hooks/moot_update_check.pyand it succeeded.git diff --check(whitespace/format checks) and it reported no problems.Codex Task