Pre-use hooks block the call before it runs. Post-use hooks observe and log. Each hook is also tagged by intent — audit & safety or velocity — so the compliance story stays legible.
secret-scanner audit & safety Blocks writes containing AWS keys, tokens, private keys, or Stripe secrets.
push-guard audit & safety Refuses force-push to protected branches. Refuses auto-push when disabled.
dangerous-command-guard audit & safety Blocks rm -rf /, git reset --hard, curl | sh, and a dozen other footguns.
commit-validator velocity Enforces conventional commit format (configurable).
branch-guard audit & safety Prevents commits directly to main/master or other protected branches.
dependency-alert audit & safety Alerts on new npm deps outside your approved scopes. Block or warn.
audit-logger audit & safety Appends every tool use to fastpace/audit.log — hash-chained for tamper evidence.
