fix: add missing post-tool-use.sh (broken on fresh installs)#12
Merged
fix: add missing post-tool-use.sh (broken on fresh installs)#12
Conversation
setup.sh registers a PostToolUse hook pointing to openexp/hooks/post-tool-use.sh, but the file was missing from the public repo — fresh ./setup.sh runs would register a hook to a non-existent script and Claude Code would error on every Write/Edit/ Bash. The README's "Four hooks run automatically" claim was unbacked. This commits a generic version of the hook: - Captures Write, Edit, Bash; writes observations to ~/.openexp/observations/observations-YYYY-MM-DD.jsonl as JSONL. - Skips read-only commands (ls, cat, head, tail, find, etc.). - Skips sensitive files (.env, *.token.json, *.pem, .ssh/*, etc.). - Redacts Bearer tokens and token/password/secret/credential values from summaries; flags TOKEN/SECRET/KEY/PASSWORD env-var setup as REDACTED entirely. - Honors OPENEXP_OBSERVATIONS_DIR for output location. - All observations get type="feature" with empty tags. Per-project classification is not built into the hook by design — when a user needs custom classifications, that should come from a config file (tracked in private#44). Smoke-tested: write capture, edit capture, bash with redaction, read-only skip, sensitive-file skip, non-Write/Edit/Bash skip — all behave correctly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Critical: fresh installs were broken
setup.shregisters a PostToolUse hook pointing toopenexp/hooks/post-tool-use.sh— but the file was never in the public repo. After./setup.sh, Claude Code had a hook configured to a non-existent script, and everyWrite/Edit/Bashtool call would error or fail silently.The README's "Four hooks run automatically" claim was un-backed by code. This PR closes that gap.
What's in the hook
Write,Edit,Bashtool calls.${OPENEXP_OBSERVATIONS_DIR:-~/.openexp/observations}/observations-YYYY-MM-DD.jsonl.ls,cat,head,tail,find, etc.) — those don't change state, no point capturing..env,*token.json,*credentials.json,*.pem,*.key,.ssh/*.Bearer X,token=X,password=X,api_key=X,secret=X,credential=X(whereXis 8+ chars).export TOKEN=.../export SECRET=.../export KEY=.../export PASSWORD=...→ entire summary becomes[env variable setup - REDACTED].type: "feature"with emptytags: []. No path-based classification — that's intentional, since the right defaults differ per user / per project. Custom classifications should come from a config file when there's demand for it.Smoke test
Ran the hook with simulated input for six cases — all passed:
Writeto a normal fileBashwithexport SECRET_TOKEN=...Bashwithls -laWriteto~/.envReadtool callTest plan after merge
./setup.shon a clean machine — confirm hook gets registered, then run any Edit/Write and confirm a new line lands in~/.openexp/observations/observations-YYYY-MM-DD.jsonl.