Q&A: SpecLock vs writing custom hooks — when should I use which?
Got this question a few times this week so I want to answer it honestly, including the cases where you should NOT use SpecLock.
TL;DR
| Use case | Recommendation |
| --- | --- |
| Block edits to .env or binary files | Custom hook (5 lines, done) |
| Enforce "no force pushes to main" | Custom hook (git hook) |
| Enforce rules written in natural language in CLAUDE.md | SpecLock |
| Catch synonym/rewording drift | SpecLock |
| Track decisions across sessions | SpecLock |
| One-off project with 2 rules | Custom hook |
| 20+ rules, multiple AI tools (Claude/Cursor/Copilot) | SpecLock |
When custom hooks are the right call
If your rule is binary and file-based, just write a hook. Example: "Never let Claude edit production.env."
```bash
#!/bin/bash
# .git/hooks/pre-commit
if git diff --cached --name-only | grep -q "production.env"; then
  echo "Error: production.env is locked."
  exit 1
fi
```
Done. Five lines. You don't need SpecLock for this. Anyone telling you otherwise is selling something.
Where SpecLock earns its keep
The moment your rules become semantic — i.e., written as prose in CLAUDE.md like "always use the repository pattern for database access" or "never delete tests, only skip them" — naive grep hooks fall apart because:
Auto-extraction: SpecLock parses your CLAUDE.md and turns prose rules into enforceable locks automatically. You don't hand-write regex per rule.
Synonym taxonomy: "delete", "remove", "purge", "wipe", "sweep away", "clean up", "drop" all map to the same intent. A grep hook catches one. SpecLock catches all of them.
Intent detection: "refactor out the auth middleware" reads as a refactor. SpecLock recognizes it as a delete-with-extra-steps.
Multi-tool coverage: Claude Code, Cursor, and Copilot all read from the same lock registry. You don't maintain three sets of hooks.
Concrete example
Your CLAUDE.md has this rule:
Never remove the rate limiter middleware from api/middleware/. It's protecting us from a specific abuse pattern.
With a custom hook, you'd write:
if git diff --cached | grep -q "rate.*limit";then ... fi
This breaks when the AI:
Renames the file instead of deleting it
Inlines the logic somewhere else and removes the file
Comments out the app.use(rateLimiter) line
With SpecLock, you run:
npx speclock protect
It extracts the rule, builds a semantic lock, and catches all three cases because it understands "removing a middleware" means more than "deleting a file with 'rate' in the name."
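For comparison, this is roughly what a hand-written hook has to check to cover the three cases listed above structurally instead of by keyword. It is an added example, not SpecLock's code and not a hook from the original post; the file name `api/middleware/rateLimiter.js`, the function names and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: structural pre-commit checks for the rate limiter rule.
PROTECTED="api/middleware/rateLimiter.js"  # hypothetical file name (assumption)
MOUNT='app\.use\(rateLimiter\)'            # the call from the page, as an ERE

# $1 = output of `git diff --cached --name-status -M`.
# Returns 1 if the protected file is deleted or renamed away.
check_paths() {
  printf '%s\n' "$1" | awk -F'\t' -v p="$PROTECTED" '
    $1 == "D" && $2 == p { print "blocked: deleted " p; bad = 1 }
    $1 ~ /^R/ && $2 == p { print "blocked: renamed " p " to " $3; bad = 1 }
    END { exit bad + 0 }'
}

# $1 = output of `git diff --cached -U0`.
# Returns 1 if more active app.use(rateLimiter) lines are removed than added;
# a commented-out replacement ("+// app.use(...)") does not count as added.
check_mount() {
  removed=$(printf '%s\n' "$1" | grep -cE "^-[[:space:]]*$MOUNT" || true)
  added=$(printf '%s\n' "$1" | grep -cE "^\+[[:space:]]*$MOUNT" || true)
  if [ "$removed" -gt "$added" ]; then
    echo "blocked: app.use(rateLimiter) removed or commented out"
    return 1
  fi
  return 0
}

# Constructed sample inputs (not taken from a real repository).
SAMPLE_RENAME=$(printf 'R100\tapi/middleware/rateLimiter.js\tapi/old/limiter.js')
SAMPLE_DELETE=$(printf 'D\tapi/middleware/rateLimiter.js\nA\tapi/routes/inline.js')
SAMPLE_COMMENTED=$(printf '%s\n' '--- a/server.js' '+++ b/server.js' \
  '@@ -12 +12 @@' '-app.use(rateLimiter);' '+// app.use(rateLimiter);')
SAMPLE_MOVED=$(printf '%s\n' '@@ -12 +0,0 @@' '-app.use(rateLimiter);' \
  '@@ -20,0 +19 @@' '+  app.use(rateLimiter);')

# Act as a hook only when installed as .git/hooks/pre-commit.
case "$0" in
  */pre-commit)
    status=0
    check_paths "$(git diff --cached --name-status -M)" || status=1
    check_mount "$(git diff --cached -U0)" || status=1
    exit "$status" ;;
esac
```

These checks see that the file or the `app.use(rateLimiter)` line went away, but not whether equivalent logic was inlined elsewhere under a different name.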
So which should I use?
Both. For simple file-level stuff, use git hooks. For natural-language rules from CLAUDE.md, use SpecLock. They're not competitors — they solve different problems.
Questions? Drop them below.