feat(claude): add Claude Code hookify plugin

[kimchanhyung98]

This pull request introduces several improvements to local development workflow automation and notification handling for the Claude Code environment. The main changes include enabling and configuring the hookify plugin with multiple local hooks to enforce best practices (such as blocking edits to dependency folders, warning about missing documentation updates, and detecting debug code or secrets), as well as replacing the previous simple notification command with an enhanced shell script that provides richer feedback upon task completion.

Key changes:

Hookify plugin and local hooks:

• Enabled the hookify plugin in .claude/settings.json to allow custom workflow automation hooks.
• Added .claude/hookify.block-packages.local.md to block direct edits to dependency and environment folders (e.g., node_modules/, vendor/, .venv/, .git/) with a clear message in both English and Korean.
• Added .claude/hookify.sync-docs.local.md to warn when code files are changed, reminding developers to update or add documentation in the relevant domain docs.
• Added .claude/hookify.warn-security.local.md to warn if debug code or hardcoded secrets are detected in code changes, helping prevent accidental leaks or debug artifacts.
• Added .claude/hookify.require-tests.local.md (currently disabled) to block completion if common test commands are not detected in the transcript, encouraging test execution before finishing work.

Notification improvements:

• Replaced the previous notification command with .claude/hooks/notify.sh, a shell script that shows a status icon, a preview of the last prompt, and uses different sounds based on the stop reason, providing more context in task completion notifications. [1] [2]

Greptile Overview

Greptile Summary

Enables the hookify plugin and adds four local workflow automation hooks to enforce development best practices: blocking edits to dependency folders, warning about documentation sync needs, detecting debug code and hardcoded secrets, and optionally requiring test execution. Also replaces the simple notification command with an enhanced shell script (notify.sh) that reads session history to display a preview of the last prompt along with context-aware notification sounds.

Major changes:

• Enabled hookify@claude-plugins-official plugin in settings
• Added .claude/hookify.block-packages.local.md to prevent accidental edits to node_modules/, vendor/, .venv/, and .git/
• Added .claude/hookify.warn-security.local.md to detect console.log, debugger, var_dump, and hardcoded secrets
• Added .claude/hookify.sync-docs.local.md to remind developers to update domain documentation
• Added .claude/hookify.require-tests.local.md (disabled by default) to enforce test execution
• Created .claude/hooks/notify.sh for richer task completion notifications with prompt preview
• Updated .gitignore to allow *.local.md hookify files while excluding settings.local.json

Notes:

• The notify.sh script requires jq and osascript (macOS-only), so this enhancement is platform-specific
• All hookify rules use appropriate regex patterns and provide clear bilingual (English/Korean) messages
• The security warning hook correctly avoids auto-removing code, leaving decisions to developers

Confidence Score: 5/5

• Safe to merge with no blocking issues
• The changes are well-structured configuration files and a notification script with no logic errors. Hookify rules use correct regex patterns, appropriate actions (block/warn), and clear messaging. The notify.sh script properly handles errors with set -euo pipefail, safely processes JSON input, and uses appropriate string interpolation. All changes are additive and improve the development workflow without affecting production code.
• No files require special attention - all changes are configuration files with clear purposes

Important Files Changed

Filename	Overview
.claude/hooks/notify.sh	Enhanced notification script with prompt preview and context-aware sounds; requires jq dependency and is macOS-only
.claude/settings.json	Enabled hookify plugin and updated notification command to use the new notify.sh script
.claude/hookify.warn-security.local.md	Detects debug code and hardcoded secrets with appropriate regex pattern; warns without auto-removing

Sequence Diagram

sequenceDiagram
    participant User
    participant Claude as Claude Code
    participant Hookify as Hookify Plugin
    participant NotifyScript as notify.sh
    participant History as ~/.claude/history.jsonl
    participant macOS as macOS Notification

    User->>Claude: Edits code file
    Claude->>Hookify: File event triggered
    
    alt File matches blocked patterns
        Hookify->>Hookify: Check block-packages rule
        Hookify-->>Claude: Block edit (node_modules, .git, etc.)
        Claude-->>User: Show block message
    else File is source code
        Hookify->>Hookify: Check warn-security rule
        alt Debug code or secrets detected
            Hookify-->>Claude: Warn about security issue
            Claude-->>User: Show warning
        end
        Hookify->>Hookify: Check sync-docs rule
        Hookify-->>Claude: Warn to update docs
        Claude-->>User: Show documentation reminder
    end

    User->>Claude: Task completion (stop event)
    Claude->>Hookify: Stop event triggered
    
    alt require-tests enabled
        Hookify->>Hookify: Check transcript for test commands
        alt No tests found
            Hookify-->>Claude: Block completion
            Claude-->>User: Request test execution
        end
    end
    
    Claude->>NotifyScript: Execute hook with JSON input
    NotifyScript->>NotifyScript: Parse session_id from stdin
    NotifyScript->>History: Read history.jsonl
    History-->>NotifyScript: Return last prompt for session
    NotifyScript->>NotifyScript: Determine status icon & sound
    NotifyScript->>macOS: osascript display notification
    macOS-->>User: Show notification with prompt preview

Loading

[gemini-code-assist]

Summary of Changes

Hello @kimchanhyung98, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the local development experience within the Claude Code environment by integrating the hookify plugin. This integration introduces a suite of automated checks designed to enforce coding best practices, such as preventing direct modifications to dependency folders, ensuring documentation is kept up-to-date, and identifying potential security vulnerabilities like debug code or hardcoded secrets. Furthermore, the existing notification system has been upgraded to provide more informative and context-aware feedback upon task completion.

Highlights

• Hookify Plugin Enabled: The hookify plugin has been enabled in .claude/settings.json to allow for custom workflow automation hooks.
• Dependency Folder Protection: A new local hook, .claude/hookify.block-packages.local.md, has been added to prevent direct edits to common dependency and environment folders like node_modules/, vendor/, and .venv/.
• Documentation Sync Reminder: A new local hook, .claude/hookify.sync-docs.local.md, will now warn developers to update or add documentation in relevant domain docs when code files (e.g., PHP, TypeScript, Python) are changed.
• Security Warning for Debug Code and Secrets: A new local hook, .claude/hookify.warn-security.local.md, has been implemented to detect and warn about the presence of debug code (e.g., console.log, var_dump) or hardcoded secrets (e.g., api_key, password) in new code.
• Test Requirement Hook (Disabled): A new local hook, .claude/hookify.require-tests.local.md, has been added to encourage test execution before task completion, though it is currently disabled.
• Enhanced Notification System: The previous simple notification command has been replaced with an advanced shell script, .claude/hooks/notify.sh, which provides richer feedback upon task completion, including a status icon, a preview of the last prompt, and different sounds based on the stop reason.
• Gitignore Update: The .gitignore file has been updated to specifically ignore .claude/settings.local.json and remove the broader .claude/*.local.* pattern.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is a great initiative to improve the local development workflow using hookify and enhance notifications. The new hooks for blocking package edits, reminding about documentation, and warning about security issues are valuable additions. My review focuses on improving the robustness, security, and performance of the newly added scripts and configurations. I've provided suggestions to refine the regular expressions in the hooks for better accuracy and to address a critical command injection vulnerability in the notification script, along with other performance and reliability improvements for that script.

[greptile-apps]

_{No files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[Copilot]

Pull request overview

This PR enhances the Claude Code development environment by introducing workflow automation through the hookify plugin and improving task completion notifications. The changes establish guardrails for development practices and provide richer feedback through enhanced notifications.

Changes:

• Enabled the hookify plugin and added four local hook configurations to enforce best practices (blocking dependency folder edits, warning about documentation updates, detecting security issues, and optionally requiring tests)
• Replaced the simple notification command with a sophisticated shell script that extracts prompts from history and provides context-aware notifications with different sounds and status icons
• Updated .gitignore to allow tracking of .local.md hookify configuration files while maintaining privacy for .local.json settings

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
.gitignore	Modified to specifically ignore only .claude/settings.local.json instead of all .local.* files, allowing hookify .local.md files to be tracked
.claude/settings.json	Enabled the hookify plugin and updated the Stop hook to use the new notification script instead of a simple osascript command
.claude/hooks/notify.sh	Added a new bash script that parses hook JSON input, extracts session information from history, and displays rich notifications with status icons and sounds based on stop reason
.claude/hookify.block-packages.local.md	Added hook to block direct edits to dependency folders like node_modules/, vendor/, .venv/, and .git/
.claude/hookify.sync-docs.local.md	Added hook to warn when code files are modified, prompting documentation updates in domain docs
.claude/hookify.warn-security.local.md	Added hook to detect debug code and hardcoded secrets in code changes
.claude/hookify.require-tests.local.md	Added (but disabled) hook to require test execution before task completion

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.