fix(fp-check): remove top-level Stop hook to stop firing on unrelated sessions (#143)#165
Open
remiforall wants to merge 1 commit into
Open
fix(fp-check): remove top-level Stop hook to stop firing on unrelated sessions (#143)#165remiforall wants to merge 1 commit into
remiforall wants to merge 1 commit into
Conversation
… sessions
The Stop hook in plugins/fp-check/hooks/hooks.json was registered with
matcher "*", so it fired on every Claude Code session stop — including
sessions that had nothing to do with fp-check verification. This burned
a full 30-second LLM turn on every unrelated stop and polluted the
parent context with stop-feedback blocks.
The hook's own fallback rule ("if the conversation is not about
fp-check verification at all, return 'approve'") did not prevent the
issue: the hook still fired, the model still ran, the turn was still
consumed — just to discover that it should no-op.
The companion SubagentStop hook stays. It is the right place to enforce
structured-output completeness, because it only matches actual fp-check
subagents (data-flow-analyzer, exploitability-verifier, poc-builder)
and never fires on unrelated sessions. Verification rigor is preserved
at the level where it is actionable.
Closes trailofbits#143.
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #143.
The
Stophook inplugins/fp-check/hooks/hooks.jsonis registered with"matcher": "*", so it fires on every Claude Code session stop — including sessions that have nothing to do with fp-check verification. This burns a full 30-second LLM turn on every unrelated stop and pollutes the parent context with stop-feedback blocks.The hook's own fallback rule (
"If the conversation is not about fp-check verification at all, return 'approve'") does not prevent the issue: the hook still fires, the model still runs, the turn is still consumed — just to discover that it should no-op.Fix
Removes the top-level
Stophook entirely (option 3 of three workarounds discussed in #143).The companion
SubagentStophook stays. It is the right place to enforce structured-output completeness, because it only matches actual fp-check subagents (data-flow-analyzer,exploitability-verifier,poc-builder) and never fires on unrelated sessions. Verification rigor is preserved at the level where it is actionable.Impact
SubagentStopcontinues to enforce phase-output completeness on every fp-check subagent.Stop.1.0.0to1.0.1(per repo CLAUDE.md guidance: substantive change to hook behavior).Validation
CODEOWNERS unchanged (
/plugins/fp-check/ @ahpaleus @dguido).Test plan