Skip to main content

hookify-rules

A Claude Code skill from Affaan M's everything-claude-code repo that writes Hookify rule files — markdown-with-frontmatter regex patterns stored at .claude/hookify.<name>.local.md — to warn or block on bash commands, file edits, prompts, or stop events. Different system from Claude Code's native PreToolUse / PostToolUse hooks; Hookify is a pattern-to-message rule layer.

Author Hookify regex rules for dangerous bash patterns, sensitive file edits, or workflow enforcement

Source Affaan M
License MIT
First documented
Receipts TODO
Hooks

Trigger phrases

Phrases that activate this skill when typed to Claude Code:

  • write a Hookify rule for rm -rf
  • block edits to .env files with Hookify
  • configure hookify for sudo commands

What it does

hookify-rules is the rule-authoring skill in Affaan M’s everything-claude-code — see skills/hookify-rules. It covers Hookify rule files: markdown files with YAML frontmatter that define a pattern to watch for and a message to surface when the pattern matches. Rules live at .claude/hookify.<rule-name>.local.md in the project root and are gitignored by convention (.claude/*.local.md added to .gitignore).

Hookify is a different system from Claude Code’s native PreToolUse / PostToolUse hooks — important to keep distinct. Native hooks are tool-event hooks (run a command before / after a tool call). Hookify is a regex-pattern-to-message rule system: every rule watches one event type (bash / file / stop / prompt / all), matches against an event field (command, file_path, new_text, user_prompt, etc.), and either warns (action: warn, default) or blocks (action: block) when the pattern hits.

The frontmatter contract is six fields: name (kebab-case, verb-first — warn-* / block-* / require-*), enabled (toggle without deleting), event, action, pattern (regex) or conditions (multi-field). For multi-condition rules, every condition must match — operators include regex_match, contains, equals, not_contains, starts_with, ends_with. The body of the markdown file is the message Claude sees when the rule fires; it can include warnings, suggestions, or safer alternatives.

When to use it

  • Authoring a Hookify regex rule for a dangerous bash command (rm\s+-rf, sudo\s+rm, chmod\s+777, dd\s+if=, mkfs)
  • File-edit rule that warns when a .env file gets an API_KEY added (multi-condition rule with file_path + new_text)
  • Workflow-enforcement rule on the prompt event — block or warn when the user uses a banned framing
  • Completion-check rules on the stop event with pattern .* (always-on reminder)
  • Toggling rules on / off with enabled: false instead of deleting

When not to reach for it:

  • Native Claude Code PreToolUse / PostToolUse hooks — those are configured in settings.json and run shell commands, not regex rules. The wiki has a separate hooks topic covering those.
  • Heavy logic that needs a real script — Hookify is regex-on-events, not arbitrary code
  • Pattern matching across many event types in one rule — Hookify rules are scoped to one event each

Install

From affaan-m/everything-claude-code at skills/hookify-rules/. Drop the folder into ~/.claude/skills/hookify-rules/. The skill itself is markdown documentation for the rule format; the Hookify rule system has slash commands of its own (/hookify, /hookify-list, /hookify-configure, /hookify-help) that the rule files are consumed by. Rules go at .claude/hookify.<name>.local.md in the project root; add .claude/*.local.md to .gitignore so they stay local.

What a session looks like

  1. Operator names the danger. “I want a Hookify rule that warns me whenever a bash command contains rm -rf anywhere except inside /tmp.”
  2. Skill picks the event + matcher. Event is bash, matcher is the command field, pattern is rm\s+-rf with a negative lookahead or post-match filter.
  3. Frontmatter scaffold. Name warn-rm-rf, enabled: true, event: bash, action: warn, pattern: rm\s+-rf. Body is the message Claude will see.
  4. Test the regex. The skill points at the Python one-liner: python3 -c "import re; print(re.search(r'rm\s+-rf', 'rm -rf /'))". Catches the common pitfalls (too-broad patterns like bare log matching “login”, too-specific patterns like rm -rf /tmp missing other paths).
  5. Save to .claude/hookify.warn-rm-rf.local.md. Gitignored by convention.
  6. Verify with /hookify-list. Table view confirms the rule is registered and enabled.
  7. Iterate. If the pattern triggers too eagerly, tighten with multi-condition rules — command matches rm\s+-rf AND command does not contain /tmp/.

The discipline that makes it work: verb-first names. warn-rm-rf reads as “this rule warns when rm-rf appears.” block-secrets-env blocks. require-tests-before-commit requires. The convention makes a /hookify-list table scannable instead of a wall of opaque rule names.

Receipts

TODO — to be filled in from a real session. Once a Hookify rule has been authored and triggered in a real workflow, this section will capture: which regex pattern matched too broadly on first try (the upstream skill calls out log → “login” / “dialog” as the canonical bad-pattern example — receipts will document a similar one), how multi-condition rules behaved vs. single-pattern rules for the same workflow, and whether the warn vs. block action choice was right on first try or needed downgrading after false-positive friction.

Source and attribution

From Affaan M’s everything-claude-code — an MIT-licensed skill collection covering harness construction, agent ops, video, payments, and platform-specific patterns.

License: MIT.

Related skills (by topic)

Related posts (by topic)