Skip to main content
This cookbook shows how to use hooks to validate code changes, enforce security policies, and maintain code quality standards before Droid makes changes.

How it works

Validation hooks can:
  1. Block unsafe operations: Prevent edits to sensitive files or directories
  2. Enforce standards: Check code against style guides and best practices
  3. Validate security: Scan for secrets, vulnerabilities, and security issues
  4. Provide feedback: Give Droid specific guidance on what to fix
  5. Run checks: Execute linters, type checkers, and custom validators

Prerequisites

Install validation tools for your stack:

Basic validation

Block sensitive file edits

Prevent Droid from modifying critical files. Create .factory/hooks/protect-files.sh:
Add to .factory/hooks.json:

Validate TypeScript syntax

Check TypeScript files for type errors before accepting edits. Create .factory/hooks/validate-typescript.sh:
For PostToolUse validation:

Security validation

Secret detection

Prevent committing secrets and credentials. Create .factory/hooks/scan-secrets.sh:
Add to .factory/hooks.json:

Dependency security scanning

Check for vulnerable dependencies. Create .factory/hooks/check-deps.sh:
Add to .factory/hooks.json:

Code quality validation

Enforce linting rules

Validate code against linting rules before accepting changes. Create .factory/hooks/lint-check.sh:
Add to .factory/hooks.json:

Complexity checks

Reject overly complex code. Create .factory/hooks/check-complexity.py:
Add to .factory/hooks.json:

Advanced validation

Custom business logic validation

Enforce domain-specific rules. Create .factory/hooks/validate-business-logic.sh:
Add to .factory/hooks.json:

Architecture compliance

Ensure code follows architecture patterns. Create .factory/hooks/check-architecture.py:
Add to .factory/hooks.json:

Best practices

1

Provide clear feedback

When blocking operations, explain what’s wrong and how to fix it:
2

Use warnings vs. errors appropriately

Not everything needs to block Droid:
3

Performance matters

Keep validation fast:
4

Make rules configurable

Allow teams to customize validation:
5

Test your validators

Create test files that should pass and fail:

Troubleshooting

False positives

Problem: Validation blocks legitimate code Solution: Add exclusion patterns:

Validation too slow

Problem: Hooks take too long to run Solution: Optimize validation:

Inconsistent with CI

Problem: Hook passes but CI fails Solution: Use same tools and configs:

See also