Merged
S
Change Breakdown
- Security: 60%
- Bug Fix: 25%
- Docs: 10%
- Testing: 5%
Wake hook events marked untrusted to close security gap
External wake-hook payloads no longer enter the main session as trusted input after a one-line fix closes a security gap in how system events are queued.
External wake-hook content was being queued as a trusted system event, meaning it entered the main session with the same privileges as internal system operations. A single parameter change now marks these events as untrusted, blocking external content from masquerading as trusted input. The fix applies to both direct wake-hook requests and mapped action wake routes through the shared dispatch path. The change is narrow and surgical—only wake-hook payloads are affected, leaving other system-event producers untouched.
Original GitHub Description
Summary
- Marks wake-hook system events as untrusted when they are queued for the main session
- Covers both direct `/hooks/wake` requests and mapped `action: "wake"` hook routes through the shared dispatch path
Changes
- Passed `trusted: false` when `dispatchWakeHook(...)` enqueues hook wake text
- Added a regression test that verifies direct and mapped wake payloads are queued as untrusted system events
Validation
- Ran `corepack pnpm test src/gateway/server.hooks.test.ts`
- Ran `corepack pnpm test src/infra/system-events.test.ts`
- Attempted `corepack pnpm build` and confirmed the failure is due to unrelated pre-existing type errors in other packages/files outside this change
- Attempted `claude -p "/review"`, but the local reviewer exited before review output because it requested interactive GitHub approval
Notes
- This change is intentionally narrow and only downgrades externally supplied wake-hook payloads; it does not alter other internal system-event producers
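
The pattern described above, as an added sketch that is not the project's code: both wake routes funnel through one dispatch function, so a single `trusted: false` there covers them, while internal producers keep the default. Only `dispatchWakeHook`, `/hooks/wake`, `action: "wake"` and the `trusted` flag come from the page; the queue, the handlers, the trusted-by-default behaviour and the rendering step are assumptions.

```typescript
// Hypothetical model of a gateway event queue; only dispatchWakeHook, the
// /hooks/wake route, action: "wake" and the trusted flag come from the page.
type SystemEvent = { text: string; trusted: boolean };

const systemEventQueue: SystemEvent[] = [];

// Assumed default: a producer that says nothing is treated as trusted,
// which is the gap the page describes for wake-hook text.
function enqueueSystemEvent(text: string, opts: { trusted?: boolean } = {}): void {
  systemEventQueue.push({ text, trusted: opts.trusted ?? true });
}

// Shared dispatch path: the fix is the explicit trusted: false.
function dispatchWakeHook(text: string): void {
  enqueueSystemEvent(text, { trusted: false });
}

// Direct route: a /hooks/wake request (body shape is constructed).
function handleDirectWake(body: { text: string }): void {
  dispatchWakeHook(body.text);
}

// Mapped route: a hook mapping that resolves to action: "wake".
function handleMappedHook(mapping: { action: string }, payload: { text: string }): boolean {
  if (mapping.action !== "wake") return false;
  dispatchWakeHook(payload.text);
  return true;
}

// Assumed consumer: untrusted text is quoted and labelled as external data,
// so it cannot pass for a system-originated line in the main session.
function renderForSession(ev: SystemEvent): string {
  return ev.trusted ? `[system] ${ev.text}` : `[external, untrusted] ${JSON.stringify(ev.text)}`;
}

function drainSystemEvents(): SystemEvent[] {
  return systemEventQueue.splice(0);
}
```
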