From 4eabef166f6a05e5701c28e9460e579464784ad5 Mon Sep 17 00:00:00 2001
From: Matan Ryngler <matanryngler@gmail.com>
Date: Thu, 12 Feb 2026 10:03:52 +0200
Subject: [PATCH] fix: use correct hooks.json format with event names as object
 keys

The previous array-with-event-field format was not recognized by the
Claude Code plugin system, causing hooks to silently not register.
---
 hooks/hooks.json | 46 ++++++++++++++++++++++++----------------------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/hooks/hooks.json b/hooks/hooks.json
index a24d2ae..0f0066d 100644
--- a/hooks/hooks.json
+++ b/hooks/hooks.json
@@ -1,24 +1,26 @@
 {
-  "hooks": [
-    {
-      "event": "PreToolUse",
-      "matcher": "Bash",
-      "hooks": [
-        {
-          "type": "command",
-          "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/validate-cloud-command.py"
-        }
-      ]
-    },
-    {
-      "event": "SessionStart",
-      "matcher": "*",
-      "hooks": [
-        {
-          "type": "command",
-          "command": "echo '{\"hookSpecificOutput\":{\"hookEventName\":\"SessionStart\",\"contextForAgent\":\"DeployShield is active. Write/mutating operations are blocked for: cloud CLIs (aws, gcloud, az, kubectl, helm, terraform, pulumi), database CLIs (psql, mysql, mongosh, redis-cli), IaC tools (cdk, sam, serverless, ansible-playbook), secrets (vault), GitHub CLI (gh), container runtimes (docker, podman), and package publishing (npm/yarn/pnpm publish, twine, gem, cargo). Only read-only commands are allowed. Suggest --dry-run flags and terraform plan instead of terraform apply where appropriate.\"}}'"
-        }
-      ]
-    }
-  ]
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/validate-cloud-command.py"
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "echo '{\"hookSpecificOutput\":{\"hookEventName\":\"SessionStart\",\"contextForAgent\":\"DeployShield is active. Write/mutating operations are blocked for: cloud CLIs (aws, gcloud, az, kubectl, helm, terraform, pulumi), database CLIs (psql, mysql, mongosh, redis-cli), IaC tools (cdk, sam, serverless, ansible-playbook), secrets (vault), GitHub CLI (gh), container runtimes (docker, podman), and package publishing (npm/yarn/pnpm publish, twine, gem, cargo). Only read-only commands are allowed. Suggest --dry-run flags and terraform plan instead of terraform apply where appropriate.\"}}'"
+          }
+        ]
+      }
+    ]
+  }
 }