worclaude 2.2.6 → 2.4.0

package/templates/agents/universal/test-writer.md

@@ -91,6 +91,31 @@ After writing tests, report:
 | src/core/merger.js | 8 | 74% → 91% | Added edge cases for conflict resolution |
 | src/utils/hash.js | 3 | 100% | Empty input + large file + encoding |
 
+## Severity Classification
+
+When reporting coverage gaps, classify by severity:
+
+| Severity | When | Priority |
+|----------|------|----------|
+| CRITICAL | Auth, payment, data validation — user-facing correctness | Test immediately |
+| HIGH | Core business logic, state transitions, error recovery | Test in this session |
+| MEDIUM | Integration points, config variations, concurrent scenarios | Test if time allows |
+| LOW | Formatting, logging, pure delegation | Skip unless requested |
+
+Focus effort on CRITICAL and HIGH. Report MEDIUM and LOW without writing tests for them.
+
+## Edge Case Categories
+
+When testing a function, systematically consider:
+1. **Empty/zero**: empty string, empty array, 0, null, undefined
+2. **Boundary**: first, last, max, min, off-by-one
+3. **Type**: wrong type, NaN, Infinity, negative where positive expected
+4. **State**: uninitialized, already-completed, concurrent modification
+5. **Format**: unicode, special characters, very long strings, whitespace-only
+6. **Environment**: missing file, no network, permission denied
+7. **Sequence**: out-of-order operations, duplicate calls, rapid succession
+8. **Scale**: single item, many items, items exceeding expected max
+
 ## Rules
 - Follow the project's existing test patterns — match file naming, framework, assertion style
 - Aim for meaningful coverage (>80% on changed code), not 100% everywhere

package/templates/agents/universal/upstream-watcher.md

@@ -0,0 +1,120 @@
+---
+name: upstream-watcher
+description: "Cross-references new Anthropic upstream changes against the current project's scaffolded infrastructure and produces an impact report"
+model: sonnet
+isolation: none
+memory: project
+disallowedTools:
+  - Edit
+  - Write
+  - NotebookEdit
+maxTurns: 30
+criticalSystemReminder: "CRITICAL: You CANNOT edit files. Report findings only. Suggest actions but do not implement them."
+---
+
+You are an upstream-awareness specialist. You fetch the anthropic-watch feeds,
+read the current project's Claude Code infrastructure, and produce a focused
+impact report describing which upstream changes matter for THIS project.
+
+You are read-only. Report findings and recommend actions — do not implement them.
+
+## 1. Fetch Upstream Feeds
+
+Feed base: `https://sefaertunc.github.io/anthropic-watch/feeds/`
+
+Fetch both feeds in parallel to keep the worst-case wait bounded by a single
+`--max-time`:
+
+```bash
+curl -s --max-time 10 https://sefaertunc.github.io/anthropic-watch/feeds/run-report.json &
+curl -s --max-time 10 https://sefaertunc.github.io/anthropic-watch/feeds/all.json &
+wait
+```
+
+If either fetch fails (non-zero exit, empty body, or non-JSON), report
+"Could not reach anthropic-watch feeds" and stop — no impact analysis is
+possible without the feed data.
+
+`run-report.json` gives per-source health and `newItemCount`. `all.json` gives
+the full list of items across all 16 sources, sorted newest-first. Each item
+carries `source`, `sourceCategory`, `title`, `date`, `url`, `snippet`.
+
+## 2. Read Project Infrastructure
+
+Enumerate the scaffolded surface area so you know what upstream changes could
+affect:
+
+- `.claude/agents/*.md` — every agent and its frontmatter (model, isolation, tools)
+- `.claude/commands/*.md` — every slash command
+- `.claude/skills/*/SKILL.md` — every skill
+- `.claude/hooks/*` — every hook script, especially `pre-compact-save.cjs`
+- `.claude/settings.json` and `.claude/settings.local.json` — permissions, env, hooks wiring
+- `CLAUDE.md` and `AGENTS.md` — project conventions
+- `package.json` (or equivalent) — whether the project imports `@anthropic-ai/sdk`
+  or `anthropic` directly
+
+Use `ls`, `cat`, and `grep` via the Read/Bash tools. You do not need to read
+every file in full — frontmatter and imports are usually enough.
+
+## 3. Impact Classification
+
+For each new upstream item, classify it into one of these buckets:
+
+| Source family | What to check in this project |
+|---|---|
+| Claude Code releases / changelog / npm-claude-code | Agent frontmatter syntax, hook event names, command syntax, tool names used by agents |
+| Agent SDK TS/Py changelog | Spawned-agent capabilities, tool schemas, isolation semantics, hook input/output shapes |
+| Anthropic API SDK / docs | Relevant **only** if the project imports the SDK directly — skip otherwise |
+| Engineering blog | New patterns or best practices worth adopting; never blocking |
+| Status page | Informational only; no action required |
+| Other sources | Classify by content — prefer informational unless it names something the project uses |
+
+## 4. Report Format
+
+Produce three sections:
+
+### Direct impact
+
+Items that affect this project's scaffolded infrastructure. For each item:
+
+- **[Source] Title** — `url`
+- Affected: which agent / command / hook / skill / setting, and why
+- Why it matters: 1-2 sentences
+
+### Informational
+
+Items worth knowing about but requiring no action. One bullet per item: title,
+source, one-line reason it is informational.
+
+### Recommended actions
+
+Concrete, actionable follow-ups tied to direct-impact items. Examples:
+
+- "Review `pre-compact-save.cjs` — PreCompact hook input shape changed in Claude Code vX.Y"
+- "Update `verify-app` agent frontmatter — new `isolation: ephemeral` option available"
+- "Check `@anthropic-ai/sdk` pinned version — Y.Z deprecates {feature} used in src/foo.js"
+
+Each action must name the specific file and the specific upstream change that
+prompts it.
+
+## 5. Empty Case
+
+If the feeds report no new items, or if no new items affect this project, say
+so in one line. Do not pad the report.
+
+> No new upstream items since {timestamp}.
+
+or
+
+> {N} new upstream items. None affect this project's scaffolded infrastructure.
+
+## Rules
+
+- You are read-only. Never edit files. Never run destructive commands.
+- Be specific: name the affected file, frontmatter field, or import — not "some agents".
+- Skip items that are clearly informational (blog think-pieces, status incidents)
+  after a one-line mention.
+- If confidence is low that an upstream change affects this project, list it as
+  informational rather than direct-impact. Do not cry wolf.
+- Keep the report scannable. Direct-impact and actions are the parts the user
+  will act on — lead with them.

package/templates/agents/universal/verify-app.md

@@ -116,6 +116,18 @@ You will feel the urge to skip checks. These are the excuses — recognize them:
 - **Database migrations**: run migration up → verify schema matches intent → run migration down (reversibility) → test against existing data, not just empty DB
 - **Data/ML pipeline**: run with sample input → verify output shape/schema/types → test empty input and NaN/null handling → check row counts in vs out for silent data loss
 
+## Verification Depth Levels
+
+Every check targets a depth level. Cover all 4 for critical features:
+
+1. **Exists** — file/function/endpoint is present
+2. **Substantive** — real implementation, not a stub or placeholder
+3. **Wired** — connected to the rest of the system (imported, routed, configured)
+4. **Functional** — actually works when invoked with real input
+
+Before issuing PASS, scan for stubs: `grep -rn "TODO\|FIXME\|placeholder\|not.implemented" --include="*.js" --include="*.ts" --include="*.py" src/ || true`
+Do not flag test fixtures, documentation examples, or planned future work in SPEC.md.
+
 ## Before Issuing PASS
 
 Your report must include at least one adversarial probe (boundary value, concurrent request,

package/templates/commands/build-fix.md

@@ -38,3 +38,8 @@ for diagnosis and resolution.
 - Tests failing after dependency update
 - CI is red and you need to fix locally before pushing
 - After a large refactor that introduced errors
+
+## Trigger Phrases
+- "fix the build"
+- "build is broken"
+- "tests are failing"

package/templates/commands/commit-push-pr.md

@@ -64,3 +64,9 @@ Only used for release merges after /sync has been run.
 Ask the user which base branch to target before creating a PR.
 
 Use gh pr create for PR creation.
+
+## Trigger Phrases
+- "commit and push"
+- "create a PR"
+- "ship it"
+- "push my changes"

package/templates/commands/compact-safe.md

@@ -10,3 +10,8 @@ After compaction, briefly confirm:
 - Current task
 - Current branch
 - What was just being worked on
+
+## Trigger Phrases
+- "compact context"
+- "free up context"
+- "running low on context"

package/templates/commands/conflict-resolver.md

@@ -43,3 +43,8 @@ If anything fails, fix it.
   Use exactly this message format — no trailers or Co-Authored-By lines.
 
 Do NOT push. Do NOT create a PR. The user will run /sync next.
+
+## Trigger Phrases
+- "resolve conflicts"
+- "fix merge conflicts"
+- "merge conflict"

package/templates/commands/end.md

@@ -4,6 +4,10 @@ description: "Mid-task stop — writes handoff file and session summary for next
 
 Use this ONLY when stopping work mid-task without committing.
 
+When invoked with arguments, use them as the description of current work. Example: `/end implementing user registration`
+
+Arguments: $ARGUMENTS
+
 Do NOT update PROGRESS.md — /sync handles that on develop after merging.
 
 ## Pre-flight: Worktree Safety
@@ -35,3 +39,9 @@ If you are working in a git worktree (not the main checkout):
 5. git commit -m "wip: handoff for [task description]"
    Use exactly this message format — no trailers or Co-Authored-By lines.
 6. git push
+
+## Trigger Phrases
+- "stop working"
+- "end session"
+- "save and stop"
+- "I need to go"

package/templates/commands/learn.md

@@ -0,0 +1,33 @@
+---
+description: "Capture a correction or convention as a persistent learning"
+---
+
+The user wants to capture a learning from this session.
+
+When invoked with arguments, use them as the learning to capture.
+Example: `/learn Always use conventional commits for this project`
+
+If no arguments provided, ask the user what they want to remember.
+
+Format it as a [LEARN] block:
+
+[LEARN] Category: One-line rule description
+Mistake: What went wrong (optional)
+Correction: What should happen instead (optional)
+
+Write this to `.claude/learnings/{category-slug}.md` with YAML frontmatter:
+- created: today's date (YYYY-MM-DD)
+- category: from the [LEARN] block
+- project: current project name (from package.json name field, or directory name)
+- times_applied: 0
+
+Update `.claude/learnings/index.json` to include the new entry.
+If index.json doesn't exist, create it with `{ "learnings": [] }`.
+
+Confirm to the user what was saved and where.
+
+## Trigger Phrases
+- "remember this"
+- "learn this"
+- "save this rule"
+- "capture this correction"

package/templates/commands/refactor-clean.md

@@ -7,6 +7,10 @@ runs INLINE in your current session — it reads uncommitted changes,
 improves them in place, and leaves everything uncommitted for
 /commit-push-pr.
 
+When invoked with arguments, use them to scope the cleanup. Example: `/refactor-clean src/core/merger.js`
+
+Arguments: $ARGUMENTS
+
 Do NOT spawn a subagent or worktree for this. Work directly on
 the files in the current working directory.
 
@@ -54,3 +58,9 @@ the files in the current working directory.
 - After implementing a feature, before /verify and /commit-push-pr
 - Weekly maintenance pass
 - When /review-changes flagged issues you want to fix
+
+## Trigger Phrases
+- "clean up the code"
+- "refactor this"
+- "simplify"
+- "tidy up"

package/templates/commands/review-changes.md

@@ -22,3 +22,8 @@ Only analyze and report.
 
 The user will decide which findings to act on and apply fixes themselves.
 Do NOT apply any fixes. Do NOT touch any files. REPORT ONLY.
+
+## Trigger Phrases
+- "review my changes"
+- "what did I change"
+- "code review"

package/templates/commands/review-plan.md

@@ -12,3 +12,8 @@ review the plan for:
 - SPEC.md alignment
 
 Wait for the review and address all feedback before proceeding.
+
+## Trigger Phrases
+- "review this plan"
+- "check my implementation plan"
+- "plan review"

package/templates/commands/setup.md

@@ -114,3 +114,8 @@ these files with real, project-specific content:
    features from the interview, marking completed items.
 
 Show the user what files were updated and offer to review each one.
+
+## Trigger Phrases
+- "set up the project"
+- "configure this project"
+- "project interview"

package/templates/commands/start.md

@@ -5,6 +5,10 @@ description: "Load session context, check for handoff files, detect drift since
 The SessionStart hook has already loaded CLAUDE.md, PROGRESS.md,
 and the most recent session summary into context.
 
+When invoked with arguments, use them as the task focus. Example: `/start implement auth module`
+
+Arguments: $ARGUMENTS
+
 Your job is to supplement that with drift detection and additional context.
 
 ## 1. Drift Detection
@@ -73,3 +77,9 @@ Summarize:
 - What was last completed (from session summary loaded by hook)
 - What's next (from PROGRESS.md loaded by hook)
 - Any blockers or notes
+
+## Trigger Phrases
+- "start a new session"
+- "begin working"
+- "load context"
+- "what changed since last time"

package/templates/commands/status.md

@@ -8,3 +8,8 @@ Report current session state:
 - Test status (last run results)
 - Context usage estimate
 - Any blockers or pending decisions
+
+## Trigger Phrases
+- "what's the status"
+- "where am I"
+- "what am I working on"

package/templates/commands/sync.md

@@ -52,3 +52,8 @@ and tell the user to run /conflict-resolver first.
    Use exactly this message format — no trailers or Co-Authored-By lines.
 10. git push origin develop
 11. gh pr create --base main with description of what was merged
+
+## Trigger Phrases
+- "sync progress"
+- "update shared files"
+- "post-merge sync"

package/templates/commands/techdebt.md

@@ -11,3 +11,8 @@ Scan the codebase for technical debt:
 - Inconsistent patterns
 
 Report findings organized by severity. Fix quick wins directly.
+
+## Trigger Phrases
+- "find tech debt"
+- "scan for issues"
+- "code quality scan"

package/templates/commands/test-coverage.md

@@ -55,3 +55,8 @@ Delegates to the test-writer agent for test creation.
 - After implementing a large feature
 - When coverage drops below project threshold (check CLAUDE.md)
 - During periodic maintenance
+
+## Trigger Phrases
+- "check test coverage"
+- "what needs tests"
+- "coverage gaps"

package/templates/commands/update-claude-md.md

@@ -11,3 +11,8 @@ Review what happened:
 
 Write the proposed additions to the Gotchas section or
 Critical Rules section. Show the diff before applying.
+
+## Trigger Phrases
+- "update CLAUDE.md"
+- "add to rules"
+- "update project rules"

package/templates/commands/upstream-check.md

@@ -0,0 +1,85 @@
+---
+description: "On-demand check of Anthropic upstream feeds (Claude Code releases, SDK changelogs, blog, status)"
+---
+
+Fetch the anthropic-watch feeds and report a concise summary of upstream changes.
+This is a stateless, on-demand status check — no caching, no persistence.
+
+Feed base URL: `https://sefaertunc.github.io/anthropic-watch/feeds/`
+
+## 1. Fetch Run Report
+
+```bash
+curl -s --max-time 10 https://sefaertunc.github.io/anthropic-watch/feeds/run-report.json
+```
+
+If the fetch fails (non-zero exit, empty body, or non-JSON output), report:
+
+```
+Could not reach anthropic-watch feeds.
+```
+
+and stop.
+
+Otherwise, parse the JSON and extract:
+
+- `timestamp` — when the scraper last ran
+- `sources[]` — list of all 16 sources with `{key, name, category, status, newItemCount, error}`
+
+Count how many sources have `status: "ok"` vs errored sources. List each errored source
+with its error message.
+
+## 2. Fetch All Items
+
+```bash
+curl -s --max-time 10 https://sefaertunc.github.io/anthropic-watch/feeds/all.json
+```
+
+Apply the same failure handling.
+
+Otherwise, parse and take the **10 most recent items** (they are already sorted
+newest-first). Group them by `sourceCategory` (`core` vs `extended`).
+
+For each item show:
+
+- Title
+- Source name (`sourceName`)
+- Date (relative like "2 days ago" when you can compute it, otherwise ISO date)
+- URL
+
+## 3. Highlight Claude Code-Critical Items
+
+Any item whose `source` is one of:
+
+- `claude-code-releases`
+- `claude-code-changelog`
+- `npm-claude-code`
+- `agent-sdk-ts-changelog`
+- `agent-sdk-py-changelog`
+
+directly affects scaffolded worclaude infrastructure. Flag these with a `[CRITICAL]`
+prefix in the listing so the user notices them first.
+
+## 4. Closing Summary
+
+End with a single line:
+
+```
+X new items since {timestamp}. Y/16 sources healthy.
+```
+
+Where X is the total item count across all sources (sum of `newItemCount` from the
+run report) and Y is the healthy-source count.
+
+## Rules
+
+- Use only `curl` and shell builtins. Do not invoke `node` or `npm`.
+- Do not cache, persist, or diff against prior runs — this command is stateless.
+- Keep the output concise. This is a status check, not a research report.
+- If both feeds fail, stop after the first failure message.
+
+## Trigger Phrases
+- "check upstream"
+- "what changed in claude code"
+- "any anthropic updates"
+- "upstream status"

package/templates/commands/verify.md

@@ -3,6 +3,11 @@ description: "Run full project verification — tests, build, lint, type checkin
 ---
 
 Run full project verification:
+
+When invoked with arguments, use them to scope what to verify. Example: `/verify just the auth module`
+
+Arguments: $ARGUMENTS
+
 1. Run the test suite
 2. Run the build
 3. Run the linter
@@ -10,3 +15,9 @@ Run full project verification:
 5. Run any domain-specific verification
 
 Report results clearly. Do not proceed if any check fails.
+
+## Trigger Phrases
+- "verify everything"
+- "run all checks"
+- "is this working"
+- "test and lint"

package/templates/core/agents-md.md

@@ -0,0 +1,25 @@
+# AGENTS.md
+
+{project_name} — {description}
+
+## Tech Stack
+{tech_stack_filled_during_init}
+
+## Build & Test Commands
+{commands_filled_during_init}
+
+## Code Conventions
+- Follow existing patterns in the codebase
+- Test before committing
+- Read source files before modifying them
+- Ask if ambiguous, do not guess
+
+## Project Structure
+- `src/` — Source code
+- `tests/` — Test files
+- `docs/` — Documentation
+
+## Key Principles
+- Source of truth: docs/spec/SPEC.md
+- One task at a time, verify each before moving on
+- Never invent features not in the specification

package/templates/core/claude-md.md

@@ -16,6 +16,7 @@
 See `.claude/skills/` — load only what's relevant:
 - context-management/SKILL.md — Session lifecycle
 - claude-md-maintenance/SKILL.md — CLAUDE.md self-healing
+- coding-principles/SKILL.md — Behavioral principles: assumptions, simplicity, surgical changes, verification
 - git-conventions/SKILL.md — Commits, branches, versioning
 - planning-with-files/SKILL.md — Implementation planning
 - prompt-engineering/SKILL.md — Prompting patterns and quality
@@ -45,6 +46,22 @@ See `.claude/skills/` — load only what's relevant:
 7. Mediocre fix → scrap it, implement elegantly.
 8. Feature branches NEVER modify shared-state files. Those are updated only on develop via /sync after merging PRs. See git-conventions.md Shared-State Files for the canonical list.
 9. Never add Co-Authored-By trailers, AI attribution footers, or "Generated with" signatures to commits or PRs.
+10. Surgical changes only — every changed line must trace to the request. Don't "improve" adjacent code, comments, or formatting.
+11. Push back when simpler approaches exist. Present alternatives, don't pick silently.
+12. Transform tasks to success criteria. "Fix the bug" → "Write a failing test, then make it pass."
+
+## Memory Architecture
+
+- This file: static project rules. Keep under 200 lines.
+- Native memory (`/memory`): auto-captured project knowledge.
+- Persistent corrections: `.claude/learnings/` via [LEARN] blocks or `/learn`.
+- Path-scoped rules: `.claude/rules/` with YAML frontmatter.
+- Session state: `.claude/sessions/` (gitignored).{memory_architecture_extras}
+- Do NOT write session learnings or auto-captured patterns here.
+
+## Learnings
+
+Corrections captured via [LEARN] blocks live in `.claude/learnings/`. SessionStart loads recent ones automatically.
 
 ## Gotchas
 [Grows during development]

package/templates/hooks/README.md

@@ -0,0 +1,106 @@
+# Worclaude Hooks
+
+This directory holds Node.js hook scripts that `worclaude init` copies
+into `.claude/hooks/` of the scaffolded project. Each script corresponds
+to a `hooks[<event>]` entry in `templates/settings/base.json`.
+
+`scaffoldHooks()` only copies `*.cjs` and `*.js` files — this `README.md`
+and everything under `examples/` stays in the Worclaude repo and is NOT
+shipped into user projects.
+
+## Scaffolded hooks
+
+| File | Event | Purpose |
+|---|---|---|
+| `pre-compact-save.cjs` | `PreCompact` | Writes a git context snapshot to `.claude/sessions/` before auto-compaction so nothing is lost if compaction truncates state. |
+| `correction-detect.cjs` | `UserPromptSubmit` | Regex-matches user prompts against correction patterns and learn signals. On match, writes a hint to `.claude/.correction-hint`. |
+| `learn-capture.cjs` | `Stop` | Scans the session transcript for `[LEARN] …` blocks and persists them to `.claude/learnings/` with an `index.json`. Uses a file-based re-entry flag to tolerate hypothetical re-entrant Stop events. |
+| `skill-hint.cjs` | `UserPromptSubmit` | Token-overlap match between the user's prompt and installed skill directory names. Emits a `[Skill hint]` line when a match is found. |
+
+All scripts:
+- use the `.cjs` extension so `require()` works regardless of the host project's `package.json` `"type": "module"` setting
+- read JSON from stdin, handle malformed input gracefully, and always exit 0
+- suppress stderr noise from git or filesystem helpers
+
+## Hook profiles
+
+Every hook except `SessionStart`, `PostCompact`, and `PreCompact` is
+gated by the `WORCLAUDE_HOOK_PROFILE` environment variable:
+
+| Profile | Runs |
+|---|---|
+| `minimal` | Only context-loading hooks (`SessionStart`, `PostCompact`, `PreCompact`). All other hooks exit immediately. |
+| `standard` (default) | All hooks including formatter on `PostToolUse`, learnings capture on `Stop`, notifications on `SessionEnd`/`Notification`. |
+| `strict` | Standard + TypeScript type-checking after every `Write`/`Edit`. |
+
+Users override the profile via shell env: `export WORCLAUDE_HOOK_PROFILE=minimal`.
+
+## Handler types
+
+Claude Code supports three hook handler types. Worclaude scaffolds
+`type: "command"` hooks; the others are available for custom use.
+
+### `command` (what we scaffold)
+
+Runs a shell command. Stdin receives JSON context; stdout/stderr are
+surfaced in the session.
+
+```json
+{
+  "type": "command",
+  "command": "node .claude/hooks/my-hook.cjs",
+  "async": true
+}
+```
+
+### `prompt` (cheap LLM-powered validation)
+
+Runs a small prompt through a Claude model (defaults to Haiku).
+`$ARGUMENTS` is replaced with the hook's input JSON. The model must
+reply with `{"ok": true}` or `{"ok": false, "reason": "..."}`. An `ok:
+false` response blocks the tool with the reason displayed.
+
+```json
+{
+  "type": "prompt",
+  "prompt": "Check this: $ARGUMENTS. Reply {\"ok\": true} or {\"ok\": false, \"reason\": \"...\"}.",
+  "model": "haiku",
+  "timeout": 30
+}
+```
+
+`model` is a sibling of `type`; the `model` field accepts aliases
+(`haiku`, `sonnet`, `opus`) or full model IDs. Default timeout is 30s.
+
+### `agent` (full subagent invocation)
+
+Runs a subagent. Heaviest option — use sparingly.
+
+## Prompt-hook example
+
+`examples/prompt-hook-commit-validator.json` is a complete, valid
+`PreToolUse` prompt hook that validates git commit messages against
+Conventional Commits. To enable it in a scaffolded project:
+
+1. Open the project's `.claude/settings.json`.
+2. Merge the `PreToolUse` entry from the example into the `hooks`
+   object (or append if `PreToolUse` already exists).
+3. Test by running `git commit -m 'bad message'` inside a Claude Code
+   session — the hook should reject with a reason.
+
+Prompt hooks consume Haiku tokens. Expect a few cents per 1000 commits.
+
+## Adding custom hooks
+
+- Drop a new `.cjs` or `.js` into `.claude/hooks/`.
+- Reference it from `.claude/settings.json` under the appropriate event.
+- Gate it on `WORCLAUDE_HOOK_PROFILE` if it is expensive or optional.
+- `disableSkillShellExecution` in Claude Code settings does NOT affect
+  hook scripts — hooks are executed by the Claude Code hook runtime,
+  not by skill inline-shell evaluation. Hook scripts run even when
+  `disableSkillShellExecution` is enabled.
+
+## Further reading
+
+- Claude Code hooks reference: `/docs/reference/hooks.md` in this repo.
+- Worclaude hook profiles: `CLAUDE.md` of this repo, "Hook Profiles" section.