From cas
Verifies CAS safety hooks are correctly installed, removes obsolete duplicate entries, and tests hook behavior. Use when approvals are missing, duplicated, or unexpectedly noisy.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cas:setup-hooksThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Verify the current CAS hook contract. The plugin owns its hooks through `${CLAUDE_PLUGIN_ROOT}`; no version-pinned manual installation is required.
Verify the current CAS hook contract. The plugin owns its hooks through ${CLAUDE_PLUGIN_ROOT}; no version-pinned manual installation is required.
| Guard | Tool matcher | Decision |
|---|---|---|
| Secret and environment protection | `Read | Edit |
| Sensitive command approval | Bash | Ask for every rm, git commit, git commit-tree, or git push, including common wrappers and nested shell commands |
| GPT Architect backend guard | Agent | While GPT Architect is ON, deny native Claude teammates and direct delegation to Codex instead |
Ordinary builds, tests, formatters, package managers, file edits, and non-sensitive shell commands must remain automatic. The broad legacy dangerous-commands.js and push-guard.js hooks are retired and no longer ship.
Read ~/.claude/settings.json and confirm enabledPlugins["cas@claude-agent-system"] is true.
If it is not enabled, stop and tell the user to run:
/plugin marketplace add Kasempiternal/Claude-Agent-System
/plugin install cas
Locate the active CAS plugin root, read hooks/hooks.json, and verify these commands are registered exactly once:
protect-secrets.jssensitive-command-approval.cjsgpt-architect-native-agent-guard.cjsAlso verify orchestrate-resume.js remains the sole CAS SessionStart hook.
Do not add a second user-level copy of an automatic plugin hook.
Inspect only hooks.PreToolUse entries in ~/.claude/settings.json. Mark an entry as obsolete when its command contains any of:
plugins/cache/claude-agent-system/cas/push-guard.jsdangerous-commands.jsprotect-secrets.jsclaude-sensitive-command-approval.cjssensitive-command-approval.cjsgpt-architect-native-agent-guard.cjsThese entries duplicate the current plugin-owned hooks or point at a cache version that will disappear on update.
Before changing settings, show the exact CAS entries you intend to remove and ask for confirmation. Remove only those confirmed entries. Preserve every non-CAS hook and every unrelated setting byte-for-byte where practical.
Feed representative PreToolUse JSON directly to the installed hook scripts and verify:
swift test --disable-sandbox produces no approval decision.npm test produces no approval decision.rm build.tmp returns permissionDecision: "ask".git commit -m "test" returns permissionDecision: "ask".git push origin main returns permissionDecision: "ask"..env returns permissionDecision: "ask" from secret protection.The probes must not execute the commands; they only pass JSON into the hook scripts.
Use this compact format:
CAS Safety Hooks
────────────────
✓ Secrets and environment: protected
✓ rm / git commit / git push: approval required
✓ Builds, tests, and ordinary commands: automatic
✓ GPT Architect native-agent guard: registered
Legacy duplicates: none | removed N
Logs: ~/.claude/hooks-logs/
If a check fails, name the exact missing or duplicate hook and the safest repair. Do not claim protection that was not verified.
rm, git commit, or git push.npx claudepluginhub p/kasempiternal-cas-claude-agent-system-pluginGuides creating Claude Code hooks with security-first design. Covers JSON and Python SDK hooks for validation, logging, and enforcement.
Creates, modifies, and debugs Claude Code hooks including PreToolUse, PostToolUse, Stop, and more. Covers plugin vs. user config formats, matchers, security patterns, and lifecycle limitations.
Guides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.