Documentation
Overview
Package integrity provides hook integrity verification via SHA-256.
TokMan installs a PreToolUse hook (tokman-rewrite.sh) that auto-approves rewritten commands. Because this hook bypasses Claude Code's permission prompts, any unauthorized modification represents a command injection vector.
This module provides:
- SHA-256 hash computation and storage at install time
- Runtime verification before command execution
- Manual verification via `tokman verify`
Index
Constants
const HashFilename = ".tokman-hook.sha256"
HashFilename is the filename for the stored hash (a dotfile alongside the hook).
const HookFilename = "tokman-rewrite.sh"
HookFilename is the expected hook script filename.
Variables
This section is empty.
Functions
func ComputeHash
ComputeHash computes the SHA-256 hash of a file, returned as lowercase hex.
func RemoveHash
RemoveHash removes the stored hash file (called during uninstall).
func ResolveHookPath
ResolveHookPath resolves the default hook path (~/.claude/hooks/tokman-rewrite.sh).
func RuntimeCheck
func RuntimeCheck() error
RuntimeCheck performs a runtime integrity gate.
Behavior:
- Verified / NotInstalled / NoBaseline: silent, continue (returns nil)
- Tampered: returns error with details
- OrphanedHash: logs warning, continues (returns nil)
No env-var bypass is provided — if the hook is legitimately modified, re-run `tokman init` to re-establish the baseline.
func StoreHash
StoreHash stores SHA-256 hash of the hook script after installation.
Format is compatible with `sha256sum -c`:
<hex_hash> tokman-rewrite.sh
The hash file is set to read-only (0444) as a speed bump against casual modification. Not a security boundary — an attacker with write access can chmod it — but forces a deliberate action rather than accidental overwrite.
Types
type IntegrityStatus
type IntegrityStatus int
IntegrityStatus represents the result of hook integrity verification.
const (
	// StatusVerified indicates hash matches - hook is unmodified since last install
	StatusVerified IntegrityStatus = iota
	// StatusTampered indicates hash mismatch - hook has been modified outside of tokman init
	StatusTampered
	// StatusNoBaseline indicates hook exists but no stored hash (installed before integrity checks)
	StatusNoBaseline
	// StatusNotInstalled indicates neither hook nor hash file exist (TokMan not installed)
	StatusNotInstalled
	// StatusOrphanedHash indicates hash file exists but hook was deleted
	StatusOrphanedHash
)
func (IntegrityStatus) String
func (s IntegrityStatus) String() string
String returns a human-readable status name.
type VerificationResult
type VerificationResult struct {
	Status   IntegrityStatus
	Expected string // Expected hash (for StatusTampered)
	Actual   string // Actual hash (for StatusTampered)
	HookPath string // Path to the hook file
	HashPath string // Path to the hash file
}
VerificationResult contains detailed verification results.
func VerifyHook
func VerifyHook() (*VerificationResult, error)
VerifyHook verifies hook integrity against the stored hash using the default path.
func VerifyHookAt
func VerifyHookAt(hookPath string) (*VerificationResult, error)
VerifyHookAt verifies hook integrity for a specific hook path (testable).
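The following is an added, self-contained Go re-implementation of the lifecycle this page documents (baseline at install, the five IntegrityStatus values, and the RuntimeCheck gate). It is not the integrity package's own source. It reuses the documented names (HookFilename, HashFilename, the Status constants, VerificationResult, ComputeHash, StoreHash, VerifyHookAt) but takes the hook path as a parameter everywhere; RuntimeCheckAt is an assumed path-parameterised stand-in for RuntimeCheck, and the rejection of a malformed hash file is this example's own choice. The hash line is written with the two-space separator that sha256sum itself emits, so `sha256sum -c .tokman-hook.sha256` works from the hook directory.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

const HookFilename = "tokman-rewrite.sh"
const HashFilename = ".tokman-hook.sha256" // dotfile stored alongside the hook

type IntegrityStatus int

const (
	StatusVerified IntegrityStatus = iota
	StatusTampered
	StatusNoBaseline
	StatusNotInstalled
	StatusOrphanedHash
)

type VerificationResult struct {
	Status   IntegrityStatus
	Expected string // stored hash, set only for StatusTampered
	Actual   string // on-disk hash, set only for StatusTampered
	HookPath string
	HashPath string
}

// ComputeHash returns the SHA-256 of a file as lowercase hex.
func ComputeHash(path string) (string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:]), nil
}

// StoreHash writes "<hex>  <name>\n" (sha256sum -c layout) as a 0444 file. The old
// baseline is removed first so a legitimate re-init is not blocked by the read-only bit.
func StoreHash(hookPath string) error {
	sum, err := ComputeHash(hookPath)
	if err != nil {
		return err
	}
	hashPath := filepath.Join(filepath.Dir(hookPath), HashFilename)
	_ = os.Remove(hashPath)
	line := fmt.Sprintf("%s  %s\n", sum, filepath.Base(hookPath))
	return os.WriteFile(hashPath, []byte(line), 0o444)
}

// VerifyHookAt maps the (hook, hash file) pair onto the five statuses; a hash file
// whose first field is not 64 hex chars is an error, never a silent pass or mismatch.
func VerifyHookAt(hookPath string) (*VerificationResult, error) {
	res := &VerificationResult{HookPath: hookPath, HashPath: filepath.Join(filepath.Dir(hookPath), HashFilename)}
	stored, hashErr := os.ReadFile(res.HashPath)
	actual, hookErr := ComputeHash(hookPath)
	switch {
	case os.IsNotExist(hookErr) && os.IsNotExist(hashErr):
		res.Status = StatusNotInstalled
	case os.IsNotExist(hookErr):
		res.Status = StatusOrphanedHash
	case os.IsNotExist(hashErr):
		res.Status = StatusNoBaseline
	case hookErr != nil:
		return nil, hookErr
	case hashErr != nil:
		return nil, hashErr
	default:
		fields := strings.Fields(string(stored))
		if len(fields) == 0 || len(fields[0]) != sha256.Size*2 {
			return nil, fmt.Errorf("malformed hash file %s", res.HashPath)
		}
		if expected := strings.ToLower(fields[0]); expected == actual {
			res.Status = StatusVerified
		} else {
			res.Status, res.Expected, res.Actual = StatusTampered, expected, actual
		}
	}
	return res, nil
}

// RuntimeCheckAt (assumed name) is the documented gate: only Tampered blocks,
// OrphanedHash warns, everything else continues silently. No env-var bypass exists.
func RuntimeCheckAt(hookPath string) error {
	res, err := VerifyHookAt(hookPath)
	if err != nil {
		return fmt.Errorf("hook integrity check failed: %w", err)
	}
	switch res.Status {
	case StatusTampered:
		return fmt.Errorf("%s modified since install (expected %s, got %s); re-run `tokman init` to re-establish the baseline", res.HookPath, res.Expected, res.Actual)
	case StatusOrphanedHash:
		fmt.Fprintf(os.Stderr, "warning: %s exists but hook %s is missing\n", res.HashPath, res.HookPath)
	}
	return nil
}
```

Typical use mirrors the page: call StoreHash from the install path, then RuntimeCheckAt before every command the hook would auto-approve. The gate returns an error only for StatusTampered, so a fresh checkout (NotInstalled) or a pre-integrity install (NoBaseline) never breaks the tool, while a hook edited outside `tokman init` is refused until the baseline is re-established.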