Add Claude Code plugin for Overwatch#1
Conversation
Two-plugin marketplace (overwatch-mac, overwatch-windows) that routes Claude Code hook events (PreToolUse, PostToolUse, UserPromptSubmit, SessionStart, Stop, Notification) to Cerberus for real-time security evaluation. Fail-open on missing API key or network failure. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces the Highflame Overwatch plugin for Claude Code, providing hook adapters for macOS, Linux, and Windows to route security events to the Cerberus backend. Feedback suggests handling empty stdin in the shell script to prevent invalid JSON and reducing network timeouts in both the shell and PowerShell scripts to improve CLI responsiveness.
| EVENT="${2:-unknown}" | ||
|
|
||
| # Read IDE payload from stdin | ||
| payload=$(cat) |
There was a problem hiding this comment.
If stdin is empty, the payload variable will be empty, which results in invalid JSON being constructed on line 33 (e.g., ...,"payload":}). While Claude Code hooks typically provide a payload, it's safer to handle the empty case explicitly to ensure the request to Cerberus is always valid JSON, as is done in the PowerShell version.
| payload=$(cat) | |
| payload=$(cat) | |
| [ -z "$payload" ] && payload="{}" |
| $resp = Invoke-WebRequest ` | ||
| -Uri "$BaseUrl/v1/hooks/evaluate?format=ide" ` | ||
| -Method Post ` | ||
| -TimeoutSec 10 ` | ||
| -Headers @{ "Authorization" = "Bearer $ApiKey" } ` | ||
| -ContentType "application/json" ` | ||
| -Body $body ` | ||
| -UseBasicParsing |
There was a problem hiding this comment.
Similar to the shell script, a 10-second timeout for a blocking IDE hook can negatively impact the user experience during network latency. Reducing -TimeoutSec to 2 or 3 seconds is recommended for a more responsive feel.
$resp = Invoke-WebRequest `
-Uri "$BaseUrl/v1/hooks/evaluate?format=ide" `
-Method Post `
-TimeoutSec 2 `
-Headers @{ "Authorization" = "Bearer $ApiKey" } `
-ContentType "application/json" `
-Body $body `
-UseBasicParsing
- .sh: default payload to "{}" if stdin is empty (.ps1 already did)
- .sh / .ps1: drop HTTP timeout from 10s to 3s so fail-open doesn't
block interactive Claude Code tool calls on slow/unreachable Cerberus
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
Addressed the review feedback in 0a1afe2:
|
3 participants
Summary
overwatch-mac,overwatch-windows) routing Claude Code hook events to Cerberus (/v1/hooks/evaluate?format=ide).PreToolUse(matcher.*),PostToolUse(matcher.*),UserPromptSubmit,SessionStart,Stop,Notification.HIGHFLAME_API_KEYor network failure.Test plan
/plugin marketplace add file:///absolute/path/to/overwatch-claude-code+/plugin install overwatch-macin Claude CodeHIGHFLAME_API_KEY(andHIGHFLAME_URLfor local Cerberus); trigger a tool call; confirmPreToolUse+PostToolUsePOSTs land on the backendHIGHFLAME_API_KEY; confirm hook exits 0 silently (fail-open)overwatch-windows, verify.ps1executes and posts to Cerberus🤖 Generated with Claude Code