[BUG] generating `_apm_source` into `.claude/settings.json` invalidates against schema

[petemounce]

Describe the bug
Installing a plugin that comes with a claude hook causes the .claude/settings.json file to become invalid if its schema is subject to pre-commit validation.

To Reproduce

1. Add to .pre-commit-config.yaml:

   repos:
     - repo: 'https://github.com/python-jsonschema/check-jsonschema'
       rev: 0.37.2
       hooks:       
         - id: check-jsonschema
           name: Validate Claude Code settings
           files: '\.claude/settings\.json$'
           args:
             - "--schemafile=https://json.schemastore.org/claude-code-settings.json"

2. Add trailofbits/skills/plugins/modern-python#e8cc5baf9329ccb491bfa200e82eacbac83b1ead into apm.yml's .dependencies.apm (it happens to install a claude hook)

3. Run apm install

4. Run git add .claude/settings.json

5. Run pre-commit run

6. Observe validation error

Expected behavior
Ideally, the settings.json remains valid to the schema.

(Perhaps this might be done with an extension to the lock file for apm-installed hooks, or perhaps modifying the payload to identify them via naming convention...?)

Environment (please complete the following information):

• OS: macos m3
• Python Version: 3.14.3
• APM Version: 0.12.2
• VSCode Version (if relevant): n/a

Logs

  Schema validation errors were encountered.
    .claude/settings.json::$.hooks.SessionStart[0]: Additional properties are not allowed ('_apm_source' was unexpected)

Additional context
I didn't find a way to supply flags to check-jsonschema to suppress that particular error, or mitm the downloaded schema through jq to monkey-patch it (though that did feel like perhaps maybe I was reaching).