[FEATURE] Have SessionStart (or a new hook) that can prevent the session from starting up at all

Resolved 💬 4 comments Opened Apr 6, 2026 by Drizzt321 Closed May 18, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

I'm trying to add a CLAUDE.md and other critical files integrity check, to try and prevent malicious updating/overwriting of CLAUDE.md (at least the ~/.claude/CLAUDE.md). I did find that UserPromptSubmit can block (and then present the user with the error message), but that's messy and annoying and an additional thing to have run every time I submit a prompt, even if all it's doing is checking if a file exists from the SessionStart hook which found the critical files integrity (via sha256 hash) has changed, and so creates a known file to block user input.

Proposed Solution

Have SessionStart or new hook (perhaps SystemStartup?) allow exit status 2 to block/terminate from things starting up and display the STDERR.

Alternative Solutions

SessionStart performs the integrity check, if fails, sets a known file.
UserPromptSubmit then checks, on every user input, if that file exists. If it does, blocks input and STDERR an error message to be displayed to the user.

Priority

Medium - Would be very helpful

Feature Category

Configuration and settings

Use Case Example

When updating CLAUDE.md, after doing so, run update-integrity-check.sh, this:

  1. Takes sha256 of set of critical files, stores them to a .integrity file
  2. Ensures that file is 400 permissions

On Claude Code startup:

  1. startup-guard-hook.ts goes through the same list of critical files, for each
  2. Take sha256 of each file, compares to the sha256 in .integrity file
  3. If one doesn't match, exit 2 with error message
  4. Assuming all pass, exit cleanly

I do have a separate PreToolUse hook which is checking for various attempts to read/edit/etc the .integrity or the startup hook or the update shell script, to help prevent an agent which has been compromised from possibly modifying/preventing detection. Not perfect, but layered protections.

Additional Context

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗