feat: add Claude and Cursor hook support #118

Merged: jy-tan merged 2 commits into main from support-hooks on Apr 14, 2026

@jy-tan jy-tan commented Apr 14, 2026

Summary

Add hook-based shell wrapping for Claude Code and Cursor so Fence can sandbox shell tool calls even when the agent is running outside Fence. The hook helpers share one shell-hook core that resolves policy from the tool cwd, denies blocked commands before rewrite, and avoids nested sandbox relaunches when Fence is already active.

Changes

  • Add fence hooks print, install, and uninstall commands plus hidden --claude-pre-tool-use and --cursor-pre-tool-use helpers
  • Add thin Claude and Cursor JSON adapters around a shared shell-hook core for shell tool evaluation and command rewriting
  • Preflight shell commands with Fence policy using payload cwd plus optional --settings or --template overrides, and return hook-level denies for blocked commands
  • Accept either Claude or Cursor hook payloads so Cursor can reuse Claude hook settings when present
  • Preserve direct policy error messages for blocked commands instead of prefixing them with wrap failures
  • Document hook-based usage for Claude and Cursor and add regression tests for wrapping, deny behavior, pinned policy, cwd handling, and cross-payload compatibility

@cubic-dev-ai cubic-dev-ai bot left a comment

2 issues found across 12 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="cmd/fence/hooks_runtime.go">

<violation number="1" location="cmd/fence/hooks_runtime.go:212">
P1: Security bypass: `isPureCDCommand` does not check for `$` or backtick command substitution. A command like `cd $(malicious)` is treated as a harmless cd and skips both the deny check and sandbox wrapping entirely.</violation>
</file>

<file name="cmd/fence/hooks_doc.go">

<violation number="1" location="cmd/fence/hooks_doc.go:184">
P2: Hook command detection uses substring matching, which can incorrectly remove or overwrite unrelated hook entries that happen to contain the helper flag text.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.
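
An added example, not Fence's code and not part of the review above: a conservative version of the check the first finding asks for, which treats a command as a plain `cd` only when nothing in it can trigger substitution, chaining or redirection. `isLiteralCD` and `shellActive` are hypothetical names; the project's `isPureCDCommand` is not shown on this page.

```go
package main

import (
	"fmt"
	"strings"
)

// shellActive: bytes that let a line starting with "cd" do more than change
// directory: substitution and expansion ($ and backtick), chaining (; & |),
// redirection (< >), grouping, line breaks, and quoting or escapes, which
// this check refuses instead of parsing.
const shellActive = "$`;&|<>(){}\n\r\\\"'"

// isLiteralCD (hypothetical helper) reports whether cmd is exactly "cd" or
// "cd <dir>" with <dir> a single literal word. Anything it cannot prove inert
// returns false, so the caller still runs its deny check and sandbox wrapping.
func isLiteralCD(cmd string) bool {
	if strings.ContainsAny(cmd, shellActive) {
		return false
	}
	// Split only on space and tab, the blanks a shell tokenizes on;
	// strings.Fields would also split on U+00A0, which the shell keeps as
	// part of the command name.
	words := strings.FieldsFunc(cmd, func(r rune) bool { return r == ' ' || r == '\t' })
	if len(words) == 0 || len(words) > 2 {
		return false
	}
	return words[0] == "cd"
}

func main() {
	// Constructed sample inputs.
	for _, c := range []string{"cd", "cd /tmp/work", "cd $(malicious)", "cd `id`", "cd /tmp && ls"} {
		fmt.Printf("%-20q pure cd: %v\n", c, isLiteralCD(c))
	}
}
```

Inputs the check rejects, such as a quoted path or `cd $HOME`, are not blocked by it; they simply take the normal deny-check and wrapping path.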

Comment thread cmd/fence/hooks_runtime.go
Comment thread cmd/fence/hooks_doc.go Outdated
@jy-tan jy-tan merged commit e1618e3 into main Apr 14, 2026
6 checks passed
@jy-tan jy-tan deleted the support-hooks branch April 14, 2026 09:29