Skip to main content
This document explains how failproofai works internally: how the hook system intercepts agent tool calls, how configuration is loaded and merged, how policies are evaluated, and how the dashboard monitors agent activity.

Overview

failproofai has two independent subsystems:
  1. Hook handler - A fast CLI subprocess that Claude Code invokes on every agent tool call. Evaluates policies and returns a decision.
  2. Agent Monitor (Dashboard) - A Next.js web application for monitoring agent sessions and managing policies.
Both subsystems share configuration files in ~/.failproofai/ and the project’s .failproofai/ directory, but they run as separate processes and communicate only through the filesystem.

Hook handler

Integration with Claude Code

When you run failproofai policies --install, it writes entries like this into ~/.claude/settings.json:
Claude Code then invokes failproofai --hook PreToolUse as a subprocess before each tool call, passing a JSON payload on stdin.

Payload format

For PostToolUse events, the payload also contains tool_result with the tool’s output. The handler enforces a 1 MB stdin limit. Payloads exceeding this are discarded and all policies implicitly allow.

Response format

Deny (PreToolUse):
Deny (PostToolUse):
Instruct (any event except Stop):
Stop event instruct:
  • Exit code: 2
  • Reason written to stderr (not stdout)
Allow:
  • Exit code: 0
  • Empty stdout
Allow with message: allow(message) lets a policy send informational context back to Claude even when the operation is permitted. The hook handler writes the following JSON to stdout (not a config file — this is the handler’s response to Claude Code, just like deny and instruct responses above):
  • Exit code: 0 (operation is allowed)
  • When multiple policies return allow with a message, their messages are joined with newlines into a single additionalContext string
  • If no policy provides a message, stdout is empty (same as before)

Processing pipeline

src/hooks/handler.ts implements the full pipeline:
The entire process runs in under 100ms for typical payloads with no LLM calls.

Configuration loading

src/hooks/hooks-config.ts implements three-scope config loading.
Merge logic:
  • enabledPolicies - deduplicated union across all three files
  • policyParams - per-policy key, first file that defines it wins entirely
  • customPoliciesPath - first file that defines it wins
  • llm - first file that defines it wins
The web dashboard uses readHooksConfig() (global only) for reading and writing, since it is not invoked with a project cwd.

Policy evaluation

src/hooks/policy-evaluator.ts runs policies in order. For each policy:
  1. Look up the policy’s params schema (if it has one).
  2. Read policyParams[policy.name] from the merged config.
  3. Merge user-provided values over schema defaults to produce ctx.params.
  4. Call policy.fn(ctx) with the resolved context.
  5. If the result is deny, stop immediately and return that decision.
  6. If the result is instruct, accumulate the message and continue.
  7. If the result is allow, continue to the next policy.
After all policies run:
  • If any deny was returned, emit the deny response.
  • If any instruct returns were collected, emit a single instruct response with all messages joined.
  • Otherwise, emit an allow response (empty stdout, exit 0).

Builtin policies

src/hooks/builtin-policies.ts defines all 39 built-in policies as BuiltinPolicyDefinition objects:
Policies that accept params declare a PolicyParamsSchema with types and defaults for each parameter. The policy evaluator injects resolved values into ctx.params before calling fn. Policy functions read ctx.params without null-guarding because defaults are always applied first. Pattern matching inside policies uses parsed command tokens (argv), not raw string matching. This prevents bypass via shell operator injection (e.g. a pattern for sudo systemctl status * cannot be bypassed by appending ; rm -rf / to the command).

Custom policies

src/hooks/custom-hooks-registry.ts implements a globalThis-backed registry:
src/hooks/custom-hooks-loader.ts loads the user’s policy file:
  1. Read customPoliciesPath from config; skip if absent.
  2. Resolve to absolute path; check file exists.
  3. Rewrite all from "failproofai" imports to the actual dist path so customPolicies resolves to the same globalThis registry.
  4. Recursively rewrite transitive local imports to ensure ESM compatibility.
  5. Write temporary .mjs files and import() the entry file.
  6. Call getCustomHooks() to retrieve registered hooks.
  7. Clean up all temp files in a finally block.
On any error (file not found, syntax error, import failure), the error is logged to ~/.failproofai/hook.log and the loader returns an empty array. Built-in policies are unaffected. Custom policies are evaluated after all built-in policies. A custom policy deny still short-circuits further custom policies (but all built-ins have already run by that point).

Activity logging

After each hook event, the handler appends a JSONL line to ~/.failproofai/hook-activity.jsonl:
One line per policy that made a non-allow decision. Allow decisions are not logged (to keep the file small).

Dashboard architecture

The dashboard is a Next.js 16 application using the App Router with React Server Components and Server Actions.
Data flow:
  • Page components call lib/projects.ts and lib/log-entries.ts to read project/session data directly from the filesystem (no API layer for reads).
  • The Policies page uses Server Actions for all mutations (toggle, params update, install/remove).
  • The session viewer parses Claude’s JSONL transcript format and renders a timeline of messages and tool calls.
Key design decisions:
  • No database - all persistent state is in plain files (~/.failproofai/, ~/.claude/projects/).
  • Server Actions for mutations - no REST API needed for CRUD operations.
  • React Server Components for read pages - faster initial load, no client bundle for data fetching.
  • Client components only where interactivity is needed (policy toggles, activity search, log viewer).

File layout