惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
Malwarebytes
Malwarebytes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
Cybersecurity and Infrastructure Security Agency CISA
F
Future of Privacy Forum
C
Cisco Blogs
T
The Exploit Database - CXSecurity.com
A
Arctic Wolf
S
Securelist
K
Kaspersky official blog
S
Schneier on Security
T
ThreatConnect
T
Tenable Blog
Spread Privacy
Spread Privacy
T
True Tiger Recordings
AWS News Blog
AWS News Blog
F
Fox-IT International blog
量子位
T
Threatpost
V
Vulnerabilities – Threatpost
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
GbyAI
GbyAI
宝玉的分享
宝玉的分享
腾讯CDC
G
Google Developers Blog
aimingoo的专栏
aimingoo的专栏
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队
S
SegmentFault 最新的问题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
U
Unit 42
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
O
OpenAI News
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
The Register - Security
The Register - Security
MyScale Blog
MyScale Blog
小众软件
小众软件
A
About on SuperTechFans
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
博客园 - 三生石上(FineUI控件)
美团技术团队
Google Online Security Blog
Google Online Security Blog
P
Proofpoint News Feed
MongoDB | Blog
MongoDB | Blog

DEV Community

How I Prepared for CKA: Resources, Labs, and Strategy That Worked for Me Stop Flying Blind: We Built an LLM Evaluation Framework That Works Across 17+ Agent Frameworks The Misleading "User is not authorized to access connection" Error in AWS CodeBuild — and Why Your IAM Policy Looks Fine I Resurrected a Dead F1 Project and Accidentally Built a Race Intelligence OS Remix Mini PC: After a Year of Dead Ends, the eMMC Finally Talks Not All Games Are Equal: The Real Difference Between a Trap and a Tool How to add Peppol e-invoicing to your SaaS without making it your team's problem I Built a Hermes Agent to Tell Me Which Hackathons to Enter. It Told Me to Enter This One. Powering Your Progress: Building Robust Solutions with Laravel I built a self-hosted CI/CD platform with persistent queue, encrypted secrets, and rollback UI — here's what I learned Antigravity 2.0 and the $1,000 OS: Why "Agent-First" Feels Like the Direction I've Been Building Toward Anyway I built an AI PR-triage agent in 30 lines of Markdown Core Web Vitals from 74 to 91: A Real Tax Practitioner Site Rebuild I Gave Gemma 4 150 Tools on Windows. Here's What Actually Happened. Beyond the Loop: Why Monolithic AI Agents Fail and How to Build a Microkernel Architecture The Hidden Tax of AI-Assisted Development (And How I Fixed It) I Ditched Cloud LLMs for Gemma 4 4B: A DevOps Engineer's 48-Hour Reality Check Building a Schema.org @graph That Validates on the First Try The "Lift and Shift" Trap: Why Your Integration Layer Needs More Than Just a Cloud Address All 7 OSI Layers Explained with Real-World Analogies Antigravity 2.0 in one day: the four shells and what each is good for Self-Hosting Google Fonts with size-adjust: Zero CLS Web Font Swap The Multi-Provider LLM Problem: Why “One API” Is Not Enough How I indexed 69,000 Claude Code skills (and what I learned doing it) RememberMe CareGrid: Local Gemma 4 for dementia memory and safety Google Is Killing Gemini CLI on June 18. Here Is What to Do Before Then Do Domínio ao Deploy: Hospedando Arquivos de Deep Links no Cloudflare Pages (Parte 7.1) Running Gemma 4 26B on an Old GTX 1080 with llama.cpp Devlog 1: I tried building an SNES game with the super FX chip Why Gemma 4 Feels Like an Important Moment for AI Developers✨ From Zero and Confused, This Is How I Started Learning to Code I Built a Local AI Gateway That Talks to Claude, ChatGPT, DeepSeek and Gemini — Without a Single API Key Bootstrapping with AI: Why Gemma 4 is the Micro-SaaS Founder’s Best Friend MyErp Architecture Series - #02 Cellular Architecture: Mapping Biology to Software Systems NodeJS vs Bun vs Go 🌍 RTL Arabic Style UI How Does an AI Agent Actually Buy Something? Google Just Published the Spec. Google I/O 2026 Is One Uncanny F.R.I.E.N.D.S Group Upgrade I Replaced 70MB Node.js Log Viewer with a 172KB Zig Binary The "MTTR Is All You Need" Trap The Quiet Revolution: How Firebase Became the First Agent-Native Backend at Google I/O 2026 I Built ResuMate! A 100% Private, Local AI Resume Optimizer with Google Gemma 4 Learning DirectX 12 - Part 2 Initialization Theory NeuralHats: I Put Edward de Bono’s Six Thinking Hats on Local LLMs Using Gemma 4 📝 Instant Auto Save Notes Engineering the "App-Like" Experience: A Deep Dive into PWA Architecture I built a local first AI CCTV assistant using Gemma 4 + Frigate CrowdShield AI — Smart Stadium Operating System & Crowd Intelligence Platform I built a free AI observability tool, prove your AI is useful, not just running Beyond Autocomplete: Why Google Antigravity 2.0 Changes the Rules for Indie Builders 터미널 AI 에이전트 구축 (v12) Building Instagram-Powered Apps with HikerAPI (Without Fighting Scrapers) Checkpoints, Not Transcripts: Rethinking AI Coding Agent Memory From Side Project to Student Savior: My AI PPT & Resume Tool Crossed 1.5K+ Users Why Story Points Don’t Work in the AI Era, And What Should Take Their Place Instead. Self-Hosted Document AI: How to Run Document Intelligence On Your Own Infrastructure (2026) How to Extract Tables from PDFs with AI: 4 Methods That Actually Work (2026) IDP vs OCR: What's the Difference — and Which Does Your Business Actually Need? Automated PII Detection and Redaction in Business Documents: A Practical Guide Human-in-the-Loop Document Review: When to Use It and How to Set It Up (2026) Document Processing Without RPA: A Modern Approach for Small Teams Reducto Alternative: When You Need More Than a Document Parser (2026) Hermes Agent vs LangChain vs CrewAI: When to Reach for Each SparshAI: I Built an Offline AI Tutor for Students Using Gemma 4 — Here's What Happened Building NeuroSense AI: A Human-Centered Stress Insight Assistant Powered by Gemma Why I Built a Privacy-First Dev Toolkit GAS Input Tags: Ability Activation Without Hardcoded Bindings AI Legal Document Advisor Supported By Gemm 4 Model Building Convertify in Public Week 10: PDF Cluster + Blog Launch CureNet AI: Decentralized Health Intelligence for India, Powered by Gemma 4 and ABHA Standardization When Open-Weights AI Meets a Broken Healthcare System: Deploying Gemma 4 in Rural India V.A.L.I.D. Google I/O 2026: The Year Google Stopped Building AI Assistants and Started Shipping AI Engineers Bondmap: AI-Powered Relationship Network That Maps How You're Connected to Everyone Using Gemma 4 Gemma 4 challenge inspired me to build my first app! 96. LoRA: Fine-Tune a Billion-Parameter Model on a Laptop From a Student Who Used CircuitVerse to a GSoC Contributor — My Community Bonding Story How Bf-Tree Keeps Mini-Pages Small, Hot, and Cheap to Evict I asked Claude to explain the chip war and ended up understanding modern geopolitics differently Stop Manually Checking for Server Updates: Automate With Email Notifications Nostalgia Meets Cybersecurity: Spotting Modern Scams in a Retro OS Simulator - Forward or Fraud CRACKING CODING INTERVIEW From Python to Production Pipeline :A Practical guide to Apache Airflow Antigravity 2.0: Google Just Changed What It Means to Be an Engineer I Built a Free Sticker Maker Because Every Other One Hid the Export How I bypassed Blazor WebAssembly's Virtual DOM using raw WASM pointers Distributed Tracing for LLM Agents: When MCP Makes Tool Calls Observable The Zero-Budget Memory Setup Behind My AI Agent Workflow No database. No framework. Just files, startup order, correction logs, and discipline. I Built an AI Second Brain with Gemma 4 The Most Exciting Google I/O 2026 Announcement for Me: HTML-in-Canvas CrisisLens: Compressing Disaster Scenes into 200-Byte Emergency Payloads with Gemma 4 I'm 15 and I built a todo app with Telegram Stars payments — only legal way for me to monetize before turning 18 Crypto Branding After the Token Launch Building an on-chain alerts bot in Python without any blockchain library FinePrint — An AI Pocket Lawyer That Decodes Predatory Contracts Using Gemma 4 How to Connect OpenAI with Supabase in 10 Minutes for a Lightning-Fast AI MVP One AI Gateway for AWS Bedrock, Google Vertex AI, Gemini, and Anthropic Reading Log #9 — Aoashi The Tacit Dimension Thinking, Fast and Slow Web3 Onboarding Is Not a Wallet Problem. It Is a Trust Problem. FHE Prompt Privacy: The Metadata Leak Your Demo Still Has
The Five Hooks That Change How You Ship With Claude Code
Michael Tusz · 2026-05-25 · via DEV Community

Michael Tuszynski

The dotfiles piece from May 22 named hooks as one component of a personal AI stack and moved on. They deserve more than a passing mention. Hooks are the primitive that turns taste into code — the editor's auto-format-on-save for AI work, run on the agent's actions instead of yours.

Anthropic's hooks documentation lists eight event types. Most published examples wire up one of them, demo a tiny safety check, and stop. The real payoff is in pairing the right hook to the right invariant for your work. Below are the five hooks I run, with the actual invariants they enforce.

Hook 1: PreToolUse — Guard the Destructive Commands

PreToolUse fires before any tool call, with the tool name and arguments. The hook can approve, deny, or rewrite. The high-yield use is denying classes of commands you never want the agent to run unattended — rm -rf, git reset --hard, git push --force to main, gcloud auth revoke, kubectl delete against production, anything with a flag that turns "ask first" into "do it now."

The shape of the hook is a small shell script that reads the tool call from stdin, pattern-matches on dangerous combinations, and exits with a non-zero status to deny. Examples in production:

  • Deny rm -rf against any path outside /tmp.
  • Deny git push --force to main or master regardless of remote.
  • Deny --no-verify on git commit unless ALLOW_NO_VERIFY=1 is set explicitly in the session env.
  • Deny any gh pr command with --admin or auto-merge flags.

The hook is a safety net, not a configuration. The agent already knows not to do these things. The hook catches the case where it almost did anyway.

Hook 2: PostToolUse — Auto-Lint Every Write

PostToolUse fires after a tool call completes, with the tool name, arguments, and result. The hook reads, runs whatever side effect you want, and returns. For file writes, this is where you run linting, formatting, type checking, and any project-specific guard.

The shape: a hook that filters for tool_name == "Write" || tool_name == "Edit", then runs the relevant linter against the file path that was written. In my setup this means prettier --write for JS/TS, ruff check --fix for Python, shellcheck for bash scripts. The hook does not block the agent's next action — by the time PostToolUse runs, the write has already happened. It does silently fix what it can and report what it cannot.

The win is consistency. Every file the agent writes ends up formatted the same way as every file I write. The agent's "I wrote this fast and ugly" output is indistinguishable from a deliberate commit.

Hook 3: Stop — Session-End Auto-Commit with Stale-Lock Defense

Stop fires when the agent finishes responding. This is the hook most people skip and where the highest payoff lives.

My Stop hook runs git add -A && git commit -m "<auto-commit message>" against any repo I have configured in ~/.claude/hooks/session-end-commit.sh. Every Claude Code session ends with a snapshot. I can always see what changed in the session because it is a real commit in real history.

The interesting part is the stale-lock defense. On May 15 I discovered the session-end hook had been silently failing for eleven days against a 0-byte .git/index.lock file left behind by a crashed git process on May 3. The fix was a five-line block that checks for the lock file, verifies its mtime is older than five minutes, verifies no process holds it via lsof, and only then removes it. Live process: preserved. Stale lock: cleaned. Healthy auto-commits complete in under a second, so the five-minute threshold cannot race a real concurrent run.

The lesson generalizes. Hooks accumulate edge cases. The first version of any hook works on the happy path. The version that survives a year of daily use is the one that handles the failure modes you discovered along the way.

Hook 4: SessionStart — Auto-Load Context

SessionStart fires when a new Claude Code session opens. This is where you pre-load the context your work needs every single time. The point is removing the recurring "read these three files first" prompt from your routine.

Mine loads:

  • The current state of the project's SESSION-STATE.md — what's in progress, what's blocked, what's next.
  • The relevant agent context file from ~/nexus/agents/ based on the directory I am working in.
  • A condensed log of yesterday's work — the last day's commits across the active projects.
  • The active tasks from the queue file if one exists in the project.

The hook returns text that gets injected into the session as a system reminder, the same shape as the auto-memory mechanism. By the time I type my first prompt, the agent already knows where I left off, what I am working on, and what is on the next-action list.

This is the hook that turns Claude Code from a stateless assistant into a continuous-with-me collaborator without changing anything about the underlying model.

Hook 5: UserPromptSubmit — Prompt-Level Guards

UserPromptSubmit fires before the agent sees your prompt. The hook can rewrite the prompt, append context, or block submission. Most uses I see in the wild are filters for safety words, which is the boring case. The interesting cases are project-specific guards.

Examples I run:

  • If the prompt contains "ship" or "publish" or "deploy" against the content-engine repo, the hook injects a reminder of the --ship flag protection and the manual-publish pattern.
  • If the prompt is a single command verb against a production directory (run, start, deploy), the hook injects the relevant CLAUDE.md section that explains the safer alternative.
  • If the prompt mentions a person whose name appears in ~/nexus/agents/personal-contacts.md, the hook injects the relevant context — old college roommate, current employer relationship, the prior interaction — so the agent does not treat the message as cold-outreach.

The hook does not block the prompt. It supplements it. The agent sees a richer version of what I typed, with context I would have had to remember to include otherwise.

What Hooks Are Actually For

The pattern across all five is the same. The hook encodes a rule I will not enforce manually because I will forget. The forcing function is that the hook runs every single time, regardless of whether I remembered to invoke it.

This is the same reason auto-format-on-save changed how teams write code in the 2010s. Not because format-on-save is technically interesting. Because the alternative — remembering to run the formatter every time — fails reliably enough that the team's code drifts from the style guide within a quarter.

Hooks for AI work are the same primitive at a different layer. They are how individual operators encode the rules the institutional plan is still drafting. The team that ships with the same lint, the same auto-commit, the same context-loading, every single Claude Code session — across every engineer — has built something the enterprise rollout document will be eighteen months catching up to.

Build yours. The five above are a working starting point.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。