Production-ready hooks, skills, and configurations for Claude Code
Battle-tested from running a 50-agent AI command center daily.
Hooks • Skills • Configs • Install
A collection of hooks, skills, and configuration templates extracted from running MAX HQ -- a 6-department, 50-agent AI command center built entirely on Claude Code. These are the tools that keep sessions persistent, credentials safe, and context under control across hundreds of daily interactions.
Hooks run automatically at lifecycle events (session start, before tool use, before compaction).
Skills are reusable prompt templates that Claude Code can invoke on command.
Configs are settings.json templates you can drop into your .claude/ directory.
| Problem | Solution |
|---|---|
| Lost context between sessions | session-auto-save + session-auto-resume hooks |
Accidentally committed .env files |
protect-credentials hook blocks it before it happens |
| No idea how much context window is left | context-monitor hook warns you at 35% and 25% remaining |
| Starting every session cold | morning-briefing skill auto-generates a status dashboard |
| Protected directories getting modified | protect-directory hook blocks writes to specified paths |
- Copy hook files into your project's
.claude/hooks/directory - Copy skill files into your project's
.claude/skills/directory - Update your
.claude/settings.jsonto register the hooks (see Configurations)
# Clone the repo
git clone https://github.com/GopalGB/claude-code-toolkit.git
# Copy hooks to your project
cp claude-code-toolkit/hooks/* your-project/.claude/hooks/
# Copy skills
cp -r claude-code-toolkit/skills/* your-project/.claude/skills/
# Copy and customize settings
cp claude-code-toolkit/configs/settings.json your-project/.claude/settings.json- Claude Code (desktop or CLI)
jq(for shell hooks) --brew install jqon macOS- Node.js 18+ (for JS hooks)
Hooks fire automatically at Claude Code lifecycle events. They receive JSON on stdin and can block operations (exit code 2) or inject context into the conversation.
Event: PreToolUse (Write, Edit, Bash)
Blocks accidental modification, commit, or exposure of credential files. Covers .env, .pem, .key, SSH keys, credentials.json, and more.
What it blocks:
- Writing or editing credential files directly
git add .envorgit add -A(which may include secrets)cat .env(credential exposure in terminal)- Redirecting secret values to files
- Copying credential files to insecure locations
What it allows:
- Reading credential files with the Read tool (for debugging)
- Referencing environment variables in code
# Example: this gets blocked
git add .env.production
# BLOCKED: Command would stage a credential file for git commit.
# Example: this is allowed
echo $DATABASE_URL # referencing env var is fineProtected file patterns
.env,.env.*,env.local,env.production,env.staging*.pem,*.key,*.p12,*.pfx,*.jks,*.keystore,*.ppkid_rsa,id_ed25519,id_ecdsa,id_dsacredentials.json,credentials.*,secrets.*service-account*.json,*-credentials.json.npmrc,.pypirc,jwt_secret- Files under
~/.ssh/or custom secured directories
Event: PostToolUse
Tracks context window usage and injects warnings when you're running low. Prevents the "suddenly ran out of context" surprise.
| Threshold | Remaining | Action |
|---|---|---|
| WARNING | <= 35% | Advises against starting new complex work |
| CRITICAL | <= 25% | Recommends stopping and saving state |
Features:
- Reads metrics from a bridge file written by the statusline hook
- Debounces warnings (5 tool uses between alerts) to avoid spam
- Severity escalation bypasses debounce (WARNING -> CRITICAL fires immediately)
- Detects GSD/planning workflows and adjusts advice accordingly
- 60-second staleness check on metrics
Event: PreCompact
Automatically saves a session snapshot before context compaction. Captures git status, recent commits, and diff stats so the next session has full continuity.
The snapshot includes:
- Git status (modified/untracked files)
- Git diff stats
- Recent commit history
- Session ID and timestamp
Event: SessionStart
Reads the most recent session snapshot on startup and injects context about where the last session left off.
Surfaces:
- How long ago the last session was
- What the next step should be
- What approaches failed (so you don't retry them)
- Current system state
Event: SessionEnd
Saves a lightweight session snapshot when a session ends (timeout, user stop, etc.). Also logs session metadata (duration, context usage) for tracking.
Event: PreToolUse (Write, Edit, Bash)
Blocks all write operations to a specified protected directory. Useful for keeping reference code, production configs, or other critical paths untouched.
# Configure the protected path in the script
PROTECTED_DIR="path/to/protected"Skills are structured prompt templates that Claude Code can invoke. Each skill has a SKILL.md file that defines its trigger, behavior, and output format.
Trigger: /morning, good morning, brief me
Generates a JARVIS-style morning briefing with:
- System status dashboard (services, departments, health)
- Security pulse (latest scan results)
- Today's focus priorities (derived from pending work)
- Specific action items (3, numbered, completable today)
Reads from your project's state files, session history, and schedules to produce a data-driven briefing -- not generic motivation.
Trigger: /save-session, save session, save progress
Captures a complete session snapshot:
- What was built (files changed, with paths)
- What worked (with evidence)
- What FAILED (critical -- prevents retrying broken approaches)
- Decisions made and trade-offs considered
- Exact next step for the next session
Trigger: /resume-session, where did we leave off, continue
Reads the latest session snapshot and delivers a structured briefing:
- Time since last session
- What was being worked on
- Failed approaches (highlighted to avoid repetition)
- Blockers and next step
Trigger: /status, system status, what's running
One-command system health dashboard:
- Department/project health
- Running services
- Skill and agent counts
- Recent git activity
- Disk usage and uptime
- Alert summary
Drop-in configuration that registers all hooks at the correct lifecycle events.
{
"hooks": {
"PreToolUse": [
{
"matcher": "Write|Edit|Bash",
"hooks": [
{
"type": "command",
"command": "\"$CLAUDE_PROJECT_DIR/.claude/hooks/protect-credentials.sh\""
}
]
}
],
"PostToolUse": [
{
"hooks": [
{
"type": "command",
"command": "node \"$CLAUDE_PROJECT_DIR/.claude/hooks/context-monitor.js\""
}
]
}
],
"PreCompact": [
{
"hooks": [
{
"type": "command",
"command": "node \"$CLAUDE_PROJECT_DIR/.claude/hooks/session-auto-save.js\"",
"timeout": 5000
}
]
}
],
"SessionStart": [
{
"hooks": [
{
"type": "command",
"command": "node \"$CLAUDE_PROJECT_DIR/.claude/hooks/session-auto-resume.js\"",
"timeout": 3000
}
]
}
],
"SessionEnd": [
{
"hooks": [
{
"type": "command",
"command": "node \"$CLAUDE_PROJECT_DIR/.claude/hooks/session-stop-save.js\"",
"timeout": 5000
}
]
}
]
}
}Each hook and skill is designed to be modified. Common customizations:
| What | Where | How |
|---|---|---|
| Add protected file patterns | protect-credentials.sh |
Add patterns to is_credential_path() |
| Change context thresholds | context-monitor.js |
Edit WARNING_THRESHOLD and CRITICAL_THRESHOLD |
| Change session save location | session-auto-save.js |
Edit sessionsDir path |
| Add protected directories | protect-directory.sh |
Edit PROTECTED_DIR variable |
| Customize briefing format | morning-briefing/SKILL.md |
Edit the template sections |
claude-code-toolkit/
├── hooks/
│ ├── protect-credentials.sh # Block credential file modifications
│ ├── protect-directory.sh # Block writes to protected directories
│ ├── context-monitor.js # Context window usage warnings
│ ├── session-auto-save.js # Auto-save before compaction
│ ├── session-auto-resume.js # Auto-resume on session start
│ └── session-stop-save.js # Save + log on session end
├── skills/
│ ├── morning-briefing/
│ │ └── SKILL.md # JARVIS-style daily briefing
│ ├── save-session/
│ │ └── SKILL.md # Manual session snapshot
│ ├── resume-session/
│ │ └── SKILL.md # Resume from last session
│ └── status/
│ └── SKILL.md # System health dashboard
├── configs/
│ └── settings.json # Drop-in hook registration
├── LICENSE
└── README.md
Claude Code hooks fire at specific lifecycle events. Each hook receives a JSON payload on stdin containing session info, tool details, and context.
| Event | When | Can Block? | Use Case |
|---|---|---|---|
PreToolUse |
Before any tool executes | Yes (exit 2) | Credential protection, directory guards |
PostToolUse |
After a tool completes | No | Context monitoring, action logging |
PreCompact |
Before context compaction | No | Session state preservation |
SessionStart |
When a new session begins | No | Context restoration |
SessionEnd |
When a session ends | No | Final state save, usage logging |
Hooks that exit with code 2 block the operation and show the stderr message to the user.
These tools were extracted from MAX HQ -- a 6-department AI command center running 50+ agents, 28 cron schedules, and 130+ skills on Claude Code. They've been tested across hundreds of sessions spanning code generation, research, deployment, and social media automation.
Found a bug? Have a useful hook? PRs welcome.
- Fork the repo
- Create a branch (
feat/your-hook-name) - Add your hook with a clear description in this README
- Submit a PR
MIT License. See LICENSE for details.
Built by GopalGB -- powering autonomous AI workflows since 2026.