nhcarrigan/hikari-desktop
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 9 Pull Requests 36 Actions Releases 22 Activity

chore: review hook security fixes from CLI 2.1.51 #163

New Issue
Closed
opened 2026-02-25 08:51:32 -08:00 by hikari · 0 comments
hikari commented 2026-02-25 08:51:32 -08:00
Owner
Copy Link
Copy Source

Context

Claude CLI v2.1.51 included two security fixes related to hooks:

  1. statusLine & fileSuggestion hooks: These could previously execute without workspace trust acceptance in interactive mode. Fixed in v2.1.51.
  2. HTTP hooks: Could previously interpolate arbitrary environment variables from header values. Fixed in v2.1.51.

Hikari Desktop uses hooks (including statusLine) to communicate character state and receive data from Claude Code.

Action Required

  • Review our hook implementation in the codebase to understand which hook types we use
  • Verify our hooks behave correctly after the security fixes (no regressions)
  • If we use HTTP hooks, audit header values for any env variable interpolation patterns
  • Update our Claude CLI dependency to v2.1.51+ if not already done

This issue was created with help from Hikari~ 🌸

## Context Claude CLI v2.1.51 included two security fixes related to hooks: 1. **statusLine & fileSuggestion hooks**: These could previously execute without workspace trust acceptance in interactive mode. Fixed in v2.1.51. 2. **HTTP hooks**: Could previously interpolate arbitrary environment variables from header values. Fixed in v2.1.51. Hikari Desktop uses hooks (including `statusLine`) to communicate character state and receive data from Claude Code. ## Action Required - [ ] Review our hook implementation in the codebase to understand which hook types we use - [ ] Verify our hooks behave correctly after the security fixes (no regressions) - [ ] If we use HTTP hooks, audit header values for any env variable interpolation patterns - [ ] Update our Claude CLI dependency to v2.1.51+ if not already done ✨ This issue was created with help from Hikari~ 🌸
naomi closed this issue 2026-02-25 22:55:48 -08:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
aspect
code
Concerns the software code in the repository
aspect
dx
Concerns developers' experience with the codebase
aspect
interface
Concerns end-users' experience with the software
aspect
text
Concerns the documentation material in the repository
contribute
good first issue
A great opportunity for a team member to learn a new codebase
contribute
help wanted
Open for anyone on our team to grab.
contribute
staff only
Restricted to our executive leadership.
goal
addition
Addition of new feature
goal
fix
Bug fix
goal
improvement
Improvement to an existing feature
points
1
Very simple issue requiring minimal effort and complexity.
points
13
Extremely complex issue representing major undertakings. Should be broken down into smaller pieces.
points
2
Simple issue that requires a bit more thought or investigation.
points
3
Moderate complexity issue requiring more substantial work.
points
5
Complex issue requiring significant effort and expertise.
points
8
Very complex issue requiring extensive work and deep expertise.
priority
critical
1
Must be fixed ASAP
priority
high
2
Stalls work on the project or its dependents
priority
low
4
Low priority and doesn't need to be rushed
priority
medium
3
Not blocking but should be fixed soon
priority
none
5
No priority, should only be performed when a developer is available
status
awaiting triage
Has not been triaged & therefore, not ready for work
status
blocked
Blocked and therefore not ready for work
status
discarded
Will not be worked on
status
discontinued
Not suitable for work as repo is in maintenance
status
label work required
Needs proper labelling before it can be worked on
status
ready for dev
Ready for work
status
ticket work required
Needs more details before it can be worked on
talk
discussion
Open for discussions and feedback
talk
question
Can be resolved with an answer
time
1 day
Approximately one full day of development work.
time
1-2 weeks
One to two weeks of focused development effort.
time
2-3 days
Two to three days of development effort.
time
4-5 days
Approximately one week of development work.
time
<1 day
Less than one day of focused work. Quick fixes or simple tasks.
time
>2 weeks
More than two weeks of development work. Must be broken down into smaller pieces.
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
gurkirat hanna (Hanna Rose) hikari (Hikari) minori (Minori) naomi (Naomi Carrigan) rain teklu tim
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nhcarrigan/hikari-desktop#163
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?