feat(claude): refactor Stop hook to use external notification script

[kimchanhyung98]

This pull request updates the notification mechanism for Claude by introducing a new shell script to handle notifications and updating the related configuration to use this script. The main improvement is that notifications now display the last prompt from Claude's history, providing more context in the notification.

Notification system improvements:

• Added a new shell script notify.sh in .claude/hooks/ that reads the last prompt from the Claude history file and sends a macOS notification with this content.
• Updated .claude/settings.json to use the new notify.sh script for notifications instead of a static message.

Greptile Summary

Refactored notification system to extract and display the last Claude prompt from history, moving from inline osascript to an external notify.sh script.

• Created new notify.sh script that reads ~/.claude/history.jsonl, extracts the .display field, and shows it in macOS notifications
• Updated .claude/settings.json Stop hook to call the new script
• Critical security issue: Command injection vulnerability in line 16 of notify.sh - unescaped variable interpolation in osascript command
• Path concern: Relative path in settings.json may fail if executed from different working directory

Confidence Score: 2/5

• This PR contains a command injection vulnerability that could allow arbitrary code execution
• The command injection vulnerability on line 16 of notify.sh is a critical security issue - if the .display field in the history file contains shell metacharacters (quotes, backticks, or command substitution), they will be executed. While this is a local configuration file, it's a security best practice to properly escape user-controlled data before passing to shell commands.
• .claude/hooks/notify.sh requires immediate attention to fix command injection vulnerability

Important Files Changed

Filename	Overview
.claude/hooks/notify.sh	New notification script with command injection vulnerability in osascript call
.claude/settings.json	Updated Stop hook command to use new notification script with relative path

Sequence Diagram

sequenceDiagram
    participant Claude
    participant Stop Hook
    participant notify.sh
    participant tail
    participant jq
    participant osascript
    participant macOS

    Claude->>Stop Hook: Task completed event
    Stop Hook->>notify.sh: Execute bash .claude/hooks/notify.sh
    notify.sh->>tail: Read last line of ~/.claude/history.jsonl
    tail-->>notify.sh: Last JSONL entry
    notify.sh->>jq: Parse .display field
    jq-->>notify.sh: Display text (or empty)
    notify.sh->>notify.sh: Truncate to 25 chars
    notify.sh->>osascript: display notification with message
    osascript->>macOS: Show system notification
    macOS-->>User: Notification with last prompt

Loading

[gemini-code-assist]

Summary of Changes

Hello @kimchanhyung98, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly upgrades the user notification experience for the Claude application. By centralizing notification logic into a dedicated shell script, the system can now dynamically fetch and display the last user prompt, offering immediate and relevant context rather than a generic 'Task completed' message. This change streamlines how users receive feedback from Claude, making interactions more informative and efficient.

Highlights

• Enhanced Notification System: The pull request refactors Claude's notification mechanism to provide more contextual information to the user.
• New Notification Script: A new shell script, .claude/hooks/notify.sh, has been introduced to handle the logic for generating notifications.
• Contextual Notifications: Notifications now display the last prompt from Claude's history, improving the relevance of the alerts.
• Configuration Update: The .claude/settings.json file has been updated to invoke the new notify.sh script for notifications.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request refactors the notification mechanism to use an external script, which is a good improvement for modularity. The new script notify.sh introduces some good features like showing the last prompt. However, I've identified a few issues related to robustness and correctness. Specifically, the script can fail if the prompt contains special characters, it doesn't handle the absence of the history file gracefully, and it has an unstated dependency on jq. Additionally, the path to the script in settings.json is fragile. My review includes suggestions to address these points to make the new notification system more reliable.

[greptile-apps]

_{2 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[Copilot]

Pull request overview

This pull request refactors the Stop hook notification system for Claude by extracting the notification logic into a dedicated shell script. The script reads the last prompt from Claude's history file and displays it in a macOS notification, providing more context than the previous static message.

Changes:

• Created a new notify.sh script that extracts the last prompt from Claude's JSONL history file and displays it in a macOS notification (truncated to 25 characters)
• Updated the Stop hook configuration to invoke the new script instead of using an inline osascript command

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

File	Description
.claude/settings.json	Updated Stop hook command to call the new notify.sh script
.claude/hooks/notify.sh	New shell script that reads Claude history and sends notifications with the last prompt text

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.