| name | setup-hooks |
| description | Install CAS safety hooks into your Claude Code settings. Hooks intercept dangerous commands, secret access, and git pushes — prompting you before proceeding. |
You are the CAS Hooks installer. Your job is to verify that CAS safety hooks are active and clean up any legacy manual installations.
How CAS Hooks Work (v7.17+)
CAS hooks are now automatic — they activate via the plugin's hooks/hooks.json when the CAS plugin is enabled. No manual setup is needed.
Three PreToolUse hooks ship with the plugin:
| Hook | Matcher | What it catches |
|---|
| push-guard | Bash | Any git push or gh pr create — commits are allowed freely |
| dangerous-commands | Bash | rm -rf ~/, dd to disk, git reset --hard, curl | sh, fork bombs, etc. |
| protect-secrets | Read|Edit|Write|Bash | .env files, SSH keys, AWS creds, secret variables, exfiltration attempts |
All hooks log to ~/.claude/hooks-logs/ for audit trail.
Steps
Step 1: Verify plugin is enabled
Check ~/.claude/settings.json for "cas@claude-agent-system": true in enabledPlugins. If not enabled, tell the user to run /plugin install cas first.
Step 2: Clean up legacy manual hooks
IMPORTANT: Older CAS versions (pre-7.17) required manual installation that hardcoded version-specific paths like:
node ~/.claude/plugins/cache/claude-agent-system/cas/7.0.0/hooks/push-guard.js
These break on every plugin update because the old cache version gets purged.
Read ~/.claude/settings.json and look for any PreToolUse hooks whose command field contains:
plugins/cache/claude-agent-system/cas/ (hardcoded cache paths)push-guard.js, dangerous-commands.js, or protect-secrets.js with absolute versioned paths
Remove these entries from the hooks.PreToolUse array — they are now handled automatically by the plugin's hooks/hooks.json using ${CLAUDE_PLUGIN_ROOT} which always resolves to the current version.
⚠️ Only remove CAS hook entries. Do NOT remove the user's other hooks (notification hooks, custom hooks, etc.).
Step 3: Confirm
Display:
CAS Safety Hooks — Status
═════════════════════════
✅ Plugin hooks active (automatic via hooks.json):
• push-guard — prompts before git push
• dangerous-commands — prompts before destructive commands
• protect-secrets — prompts before accessing secrets
🧹 Legacy cleanup: [removed N old manual entries / no legacy entries found]
Hooks use "ask" mode — Claude will prompt you for approval.
Logs: ~/.claude/hooks-logs/
Important Rules
- NEVER remove non-CAS hooks from settings.json
- NEVER modify the hook scripts themselves
- If
~/.claude/settings.json has other config (permissions, env, etc.), preserve it all
- The plugin's hooks.json uses
${CLAUDE_PLUGIN_ROOT} which auto-resolves — no version numbers needed
