- Add adapter layer with normalize_input/format_output per tool
- Define common internal payload and verdict formats
- Map event names across tools (PreToolUse/BeforeTool)
- Map payload fields across tools (tool_name, tool_input, cwd)
- Adapter-specific response formatting:
- Claude: hookSpecificOutput.permissionDecision
- Gemini: flat decision field
- Codex: exit code 2 + stderr for deny
- Shell shim takes --adapter flag to select tool
- install.sh auto-detects all installed tools and registers hooks
- Hook registration examples for all three tools
- Add adapters/ directory to daemon source tree
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Linux/WSL: systemd user service + socket activation for zero
cold-start latency and automatic crash recovery
- macOS: launchd plist with KeepAlive and socket activation
- Fallback: shim-managed with lock file (containers, minimal VMs)
- Shell shim simplified — no longer manages daemon lifecycle
- Daemon detects inherited file descriptors for socket activation
- Add service/ directory with unit files and plist template
- Update install.sh to detect platform and install appropriate service
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove deferred condition from grammar production
- Add [meta] version to config.toml example
- Add PostToolUse allow response (empty object)
- Mark post.rules as deferred in directory tree
- Complete lockfile list for all supported ecosystems
- Handle startup race condition (EADDRINUSE retry)
- Note log rotation as deferred
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Critical fixes:
- Fail-closed: shim returns deny if daemon unreachable
- Validators compiled into binary, not loaded dynamically
- Socket directory created with 0700 permissions
Important fixes:
- Document match target fields per hook type
- Note PreToolUse vs PostToolUse response format difference
- Defer only_when/except_when conditions to future version
- Add concrete match_base_command_not_in example
- Specify PID file locations
- Add versioning scheme for rules and config
- Defer post.rules linting to future version
Other:
- Clarify exfiltration rules (not blocking bare curl/wget)
- Add missing yarn to allowed executables
- Fix macOS socket path (avoid space in Application Support)
- Note Burrito first-run unpack latency
- Document existing hooks coexistence
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
