Hookify Rules
Author Hookify markdown rules with YAML frontmatter so Claude hooks warn or block risky bash, file, prompt, and stop events.
Overview
Hookify Rules is an agent skill most often used in Build (also ship review, operate iterate) that teaches how to write .claude hookify.local.md guardrail rules with events, patterns, and warn/block actions.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill hookify-rulesWhat is this skill?
- Defines Hookify rule format: YAML frontmatter plus markdown message body in .claude/hookify.{rule-name}.local.md
- Documents five hook events: bash, file, stop, prompt, and all
- Supports warn versus block actions and regex pattern matching on hook payloads
- Advanced rules use multiple conditions with field operators (file_path, new_text, contains, regex_match)
- Naming convention: verb-first kebab-case identifiers such as warn-* and block-*
- 5 hook event types documented: bash, file, stop, prompt, all
- Frontmatter table covers name, enabled, event, optional action, and pattern or conditions
Adoption & trust: 3k installs on skills.sh; 210k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your coding agent repeats dangerous bash, leaks secrets into files, or ignores stop hooks because you have no structured Hookify rule syntax.
Who is it for?
Solo builders standardizing Claude Code hooks for env files, destructive shell, or custom prompt policies in a git-backed .claude folder.
Skip if: Teams needing enterprise IAM, non-Claude agents without Hookify support, or security compliance solely via cloud MCP without local hook files.
When should I use this skill?
User asks to create a hookify rule, write a hook rule, configure hookify, add a hookify rule, or needs hookify rule syntax and patterns.
What do I get? / Deliverables
You ship enabled Hookify rules with clear regex or multi-condition triggers and markdown messages so Claude warns or blocks before bad operations complete.
- Hookify .local.md rule file with frontmatter and trigger message
- Multi-condition rule definitions for file and bash events
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Build → agent-tooling is the first place solo builders codify local agent guardrails in .claude hookify files before those rules matter in Ship review and Operate maintenance. Agent-tooling fits rule files under .claude/hookify.*.local.md—configuration for the coding agent, not product feature frontend.
Where it fits
Add a warn-env-api-keys rule when the agent edits .env files containing key-like strings.
Enable block-* bash rules before a large refactor week so rm -rf patterns never run unattended.
Introduce a stop-event rule reminding the agent to run tests after long autonomous sessions.
How it compares
Local Hookify rule authoring—not a hosted policy engine or generic pre-commit hook tutorial for all languages.
Common Questions / FAQ
Who is hookify-rules for?
Indie developers and agent-first small teams using Claude Code who want repeatable, versionable guardrails in .claude/hookify rule files.
When should I use hookify-rules?
Use it in Build when adding agent tooling; in Ship when tightening rules before risky refactors; in Operate when encoding lessons from incidents into new warn- or block-* rules.
Is hookify-rules safe to install?
The skill documents rules that can block agent actions—review the Security Audits panel on this page and inspect any generated regex so you do not block legitimate workflows or leak paths in shared repos.
SKILL.md
READMESKILL.md - Hookify Rules
# Writing Hookify Rules ## Overview Hookify rules are markdown files with YAML frontmatter that define patterns to watch for and messages to show when those patterns match. Rules are stored in `.claude/hookify.{rule-name}.local.md` files. ## Rule File Format ### Basic Structure ```markdown --- name: rule-identifier enabled: true event: bash|file|stop|prompt|all pattern: regex-pattern-here --- Message to show Claude when this rule triggers. Can include markdown formatting, warnings, suggestions, etc. ``` ### Frontmatter Fields | Field | Required | Values | Description | |-------|----------|--------|-------------| | name | Yes | kebab-case string | Unique identifier (verb-first: warn-*, block-*, require-*) | | enabled | Yes | true/false | Toggle without deleting | | event | Yes | bash/file/stop/prompt/all | Which hook event triggers this | | action | No | warn/block | warn (default) shows message; block prevents operation | | pattern | Yes* | regex string | Pattern to match (*or use conditions for complex rules) | ### Advanced Format (Multiple Conditions) ```markdown --- name: warn-env-api-keys enabled: true event: file conditions: - field: file_path operator: regex_match pattern: \.env$ - field: new_text operator: contains pattern: API_KEY --- You're adding an API key to a .env file. Ensure this file is in .gitignore! ``` **Condition fields by event:** - bash: `command` - file: `file_path`, `new_text`, `old_text`, `content` - prompt: `user_prompt` **Operators:** `regex_match`, `contains`, `equals`, `not_contains`, `starts_with`, `ends_with` All conditions must match for rule to trigger. ## Event Type Guide ### bash Events Match Bash command patterns: - Dangerous commands: `rm\s+-rf`, `dd\s+if=`, `mkfs` - Privilege escalation: `sudo\s+`, `su\s+` - Permission issues: `chmod\s+777` ### file Events Match Edit/Write/MultiEdit operations: - Debug code: `console\.log\(`, `debugger` - Security risks: `eval\(`, `innerHTML\s*=` - Sensitive files: `\.env$`, `credentials`, `\.pem$` ### stop Events Completion checks and reminders. Pattern `.*` matches always. ### prompt Events Match user prompt content for workflow enforcement. ## Pattern Writing Tips ### Regex Basics - Escape special chars: `.` to `\.`, `(` to `\(` - `\s` whitespace, `\d` digit, `\w` word char - `+` one or more, `*` zero or more, `?` optional - `|` OR operator ### Common Pitfalls - **Too broad**: `log` matches "login", "dialog" — use `console\.log\(` - **Too specific**: `rm -rf /tmp` — use `rm\s+-rf` - **YAML escaping**: Use unquoted patterns; quoted strings need `\\s` ### Testing ```bash python3 -c "import re; print(re.search(r'your_pattern', 'test text'))" ``` ## File Organization - **Location**: `.claude/` directory in project root - **Naming**: `.claude/hookify.{descriptive-name}.local.md` - **Gitignore**: Add `.claude/*.local.md` to `.gitignore` ## Commands - `/hookify [description]` - Create new rules (auto-analyzes conversation if no args) - `/hookify-list` - View all rules in table format - `/hookify-configure` - Toggle rules on/off interactively - `/hookify-help` - Full documentation ## Quick Reference Minimum viable rule: ```markdown --- name: my-rule enabled: true event: bash pattern: dangerous_command --- Warning message here ```