Clawback releases Claude Code hook layer for stop-checks and PostToolUse enforcement

• A Reddit post announcing Clawback turns the leaked USER_TYPE === 'ant' verification pattern into a public hook kit, and the Clawback repo says its stop hook blocks Claude Code from finishing until typecheck and lint pass.
• The same post splits the design into mechanical hooks and a behavioral CLAUDE.md, while the official hooks guide describes hooks as a way to get deterministic control instead of hoping the model chooses to run checks.
• Alex Kim's leak analysis and the main HN thread helped establish the backdrop: fake-tool anti-distillation, frustration regexes, compaction quirks, and other internal guardrails were sitting in a leaked source map.
• Claude Code Unpacked mapped the leaked CLI at 50 plus tools and 70 plus commands, and its HN discussion framed that complexity as the state-management cost of making an agent CLI behave consistently.

You can read the Clawback repo, compare it with iamfakeguru's claude-md, and cross-check the public extension points in Anthropic's hooks reference. Claude Code Unpacked also gives a quick visual map of the agent loop, tool system, and the unreleased features people kept pulling out of the leak.

Clawback is a small but telling follow-up to the Claude Code source-map leak. Instead of copying internal flags, the repo uses Claude Code's public hooks API to recreate the part people actually wanted: hard stop-checks.

Its five-hook layout is very literal:

• protect-files on PreToolUse blocks edits to .env, lockfiles, and .git/
• post-edit on PostToolUse runs formatting and report-only lint after edits
• stop-verify on Stop runs full typecheck plus lint, with a three-strike circuit breaker
• post-compact on PostCompact re-injects git state and gotchas.md
• notification on Notification surfaces desktop alerts

The interesting design choice is the split between prompt guidance and enforced checks. The Reddit write-up explicitly calls prompts requests and hooks guarantees, which is almost a direct answer to iamfakeguru's claude-md: prompt engineering can reconstruct behavior, but it can still be skipped under context pressure.

That framing matches Anthropic's own wording. In the official hooks guide, hooks are described as deterministic controls that ensure actions happen at specific lifecycle points, including validation, formatting, and project rule enforcement.

The broader story is how fast the leak turned into reference material and third-party tooling. Claude Code Unpacked turned the codebase into an explorable map of the agent loop, source tree, tool system, and hidden features, while its HN thread treated the 500K line size as evidence of how much defensive machinery sits behind a coding agent CLI.

Clawback takes a narrower path than the leak tourism. It picks one concrete internal pattern, verification before completion, and ships it back as an installable layer on top of documented hook events such as PreToolUse, PostToolUse, Stop, and PostCompact in Anthropic's hooks reference.