Summary
SecurityValidator.hook.ts runs silently in fail-open/permissive mode after a fresh v4.0.x install because the PAISECURITYSYSTEM/patterns.yaml and PAISECURITYSYSTEM/patterns.example.yaml files were not carried forward from v3.0. Additionally, the hook fails entirely on startup due to a missing yaml npm package dependency.
Impact
- Security: All destructive command protections are inactive (rm -rf /, git push --force, disk operations, etc.) without any warning to the user
- Hook errors: Every Bash, Write, and Edit tool call produces a PreToolUse error in the Claude Code UI until the package is installed
- Silent failure: The hook fails open by design, so users have no indication their security layer is non-functional
Root Causes
1. Missing yaml package dependency
SecurityValidator.hook.ts imports from 'yaml' but there is no package.json or node_modules in ~/.claude/. On a fresh v4.0.x install, every hook invocation fails at module load time:
error: Cannot find package 'yaml' from '/Users/asdf/.claude/hooks/SecurityValidator.hook.ts'
Fix: Add a package.json to ~/.claude/ with "yaml": "^2.7.0" and run bun install during the install process.
2. PAISECURITYSYSTEM directory not included in v4.0.x releases
The hook looks for patterns at two paths:
~/.claude/PAI/USER/PAISECURITYSYSTEM/patterns.yaml (user custom rules)
~/.claude/PAI/PAISECURITYSYSTEM/patterns.example.yaml (system default)
Both files exist in v3.0 but are absent from v4.0.0, v4.0.1, v4.0.2, and v4.0.3 releases. The hook was retained and still references these paths.
Steps to Reproduce
- Fresh install from any v4.0.x release
- Open Claude Code — every Bash/Write/Edit tool call shows PreToolUse:* error
- Check: ls ~/.claude/PAI/PAISECURITYSYSTEM/ → directory does not exist
- Run hook manually: echo '{"session_id":"test","tool_name":"Bash","tool_input":{"command":"rm -rf /"}}' | bun ~/.claude/hooks/SecurityValidator.hook.ts → Cannot find package 'yaml'
Manual Fix (applied locally)
# 1. Install missing yaml package
cat > ~/.claude/package.json << 'JSON'
{
  "name": "pai-hooks",
  "private": true,
  "dependencies": {
    "yaml": "^2.7.0"
  }
}
JSON
cd ~/.claude && bun install
# 2. Copy patterns from v3.0 (most recent version that has them)
mkdir -p ~/.claude/PAI/PAISECURITYSYSTEM ~/.claude/PAI/USER/PAISECURITYSYSTEM
cp ~/repo/PAI/Releases/v3.0/.claude/skills/PAI/PAISECURITYSYSTEM/patterns.example.yaml \
  ~/.claude/PAI/PAISECURITYSYSTEM/patterns.example.yaml
cp ~/repo/PAI/Releases/v3.0/.claude/skills/PAI/USER/PAISECURITYSYSTEM/patterns.yaml \
  ~/.claude/PAI/USER/PAISECURITYSYSTEM/patterns.yaml
After the fix, all four behaviors verified working:
- Safe commands → {"continue":true}
- rm -rf / → hard block, exit 2
- git push --force → confirm prompt
- Write to settings.json → confirm prompt
Suggested Fixes for v4.0.4+
- Add package.json with yaml dependency to ~/.claude/ and call bun install in install.sh
- Restore PAISECURITYSYSTEM/patterns.example.yaml and USER/PAISECURITYSYSTEM/patterns.yaml to the release package
- Consider adding a self-check to install.sh that verifies the hook runs correctly post-install
Environment
- PAI version: 4.0.3
- Bun version: 1.3.10
- OS: macOS arm64 (Darwin 24.6.0)
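
The post-install self-check proposed under Suggested Fixes could look like the following; this is an added example, not code from the PAI project. The function name pai_hook_selfcheck and its optional runner argument are hypothetical, and it assumes bun install places the package at ~/.claude/node_modules/yaml; the paths, exit code 2 and the {"continue":true} reply are the ones reported above.

```sh
#!/bin/sh
# Added example: post-install self-check for SecurityValidator.hook.ts.
# Paths, the exit-2 hard block and the {"continue":true} reply come from the
# issue; pai_hook_selfcheck and its optional RUNNER argument are hypothetical.

pai_hook_selfcheck() {
  claude_dir=${1:-"$HOME/.claude"}
  runner=${2:-bun}
  hook="$claude_dir/hooks/SecurityValidator.hook.ts"
  failures=0
  fail() { echo "self-check: $1" >&2; failures=$((failures + 1)); }

  # 1. Pattern files: without them the hook runs fail-open.
  for f in PAI/PAISECURITYSYSTEM/patterns.example.yaml \
           PAI/USER/PAISECURITYSYSTEM/patterns.yaml; do
    [ -f "$claude_dir/$f" ] || fail "missing $f"
  done

  # 2. The yaml dependency (assumed location after bun install).
  [ -d "$claude_dir/node_modules/yaml" ] || fail "missing node_modules/yaml"

  # 3. A safe command must be allowed: exit 0 and {"continue":true} on stdout.
  safe='{"session_id":"selfcheck","tool_name":"Bash","tool_input":{"command":"ls"}}'
  rc=0
  out=$(printf '%s' "$safe" | "$runner" "$hook" 2>/dev/null) || rc=$?
  case "$rc:$out" in
    0:*'"continue":true'*) ;;
    *) fail "safe command not allowed (exit $rc)" ;;
  esac

  # 4. The issue's destructive sample must be hard-blocked with exit 2.
  #    The JSON is only input data for the hook; nothing is executed.
  bad='{"session_id":"selfcheck","tool_name":"Bash","tool_input":{"command":"rm -rf /"}}'
  rc=0
  printf '%s' "$bad" | "$runner" "$hook" >/dev/null 2>&1 || rc=$?
  [ "$rc" -eq 2 ] || fail "destructive command not blocked (exit $rc, expected 2)"

  [ "$failures" -eq 0 ]
}

# In install.sh, after bun install:  pai_hook_selfcheck "$HOME/.claude" || exit 1
```

Because step 4 requires a block rather than the absence of an error, a hook that loads but has no patterns (the fail-open case) fails the check instead of passing silently.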