feat: Add pre/post-install script hooks to module installation#38
Merged
mrbrandao merged 9 commits intoRedHatProductSecurity:mainfrom Feb 10, 2026
Merged
Conversation
Add pre_install_hook and post_install_hook fields to Module dataclass. Add auto-discovery of hooks from lola.yaml file in module content directory. - Add optional hook fields to Module (default: None) - Parse lola.yaml and extract hooks.pre-install and hooks.post-install - Handle malformed YAML gracefully (ignore and continue) - Support both root and module/ subdirectory layouts - Add comprehensive tests for hook discovery Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add validation for pre_install_hook and post_install_hook fields. Ensure hook scripts exist and are within module directory boundary. - Validate hook script paths exist in content_path - Prevent path traversal attacks (../../ patterns) - Add comprehensive security and validation tests - Handle missing hooks gracefully (None values skip validation) Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add core hook execution function with security validation and timeout. Execute bash scripts with environment context and proper error handling. - Add _run_install_hook() to targets/install.py - Validate script exists and is within module directory - Set environment variables (LOLA_MODULE_NAME, LOLA_HOOK, etc.) - Execute with subprocess.run() from project directory - Handle timeouts (5 minute max) - Capture and display stdout/stderr - Raise InstallationError on failure - Add comprehensive unit tests for all scenarios Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add CLI flags to specify hook scripts during installation. Implement precedence logic where CLI flags override module metadata. - Add --pre-install and --post-install options to install command - Update install_to_assistant() signature to accept hook parameters - Implement precedence: CLI flags > module lola.yaml - Add tests for CLI flag acceptance - Pass effective hooks to install orchestrator Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add pre-install hook execution after module copy, before skill installation. Implement cleanup on pre-install failure to maintain clean state. - Execute pre-install hook if provided (after copy_module_to_local) - Clean up copied module on pre-install failure (shutil.rmtree) - Re-raise InstallationError to abort installation - Hook runs before any skills/commands/agents are installed Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add post-install hook execution after registry update. Show warning on failure but keep installation (no rollback). - Execute post-install hook if provided (after registry.add) - Catch InstallationError and display warning - Do not rollback installation on post-install failure - Installation is already complete and functional Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Support hooks defined in marketplace YAML module entries. Implement full precedence: CLI flags > module lola.yaml > marketplace. - Modify _fetch_from_marketplace() to return module metadata - Extract marketplace hooks from module dict - Apply three-level precedence in install_cmd - Add test for hook precedence - Marketplace hooks are lowest priority fallback Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add comprehensive documentation for pre/post-install hooks feature. Include usage examples, configuration options, and security warnings. - Document CLI flags and module metadata configuration - Add marketplace hooks example - Explain hook environment variables and precedence - Provide example scripts (sed, python version checks) - Include security warnings about script execution Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Collaborator
Author
|
cc: @jeremychoi , @SecKatie |
Connect stdin/stdout/stderr to terminal so scripts can prompt for user input and display output in real-time. Remove capture_output=True which was blocking interactive prompts. Fixes issue where scripts using read -rp or other interactive commands didn't show prompts to the user. Related to RedHatProductSecurity#37 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
rjeffman
reviewed
Feb 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three ways to specify hooks:
--pre-installand--post-installlola.yamlfile in the modulePrecedence: CLI flags > module lola.yaml > marketplace
Example usage:
Scripts receive environment variables like
LOLA_MODULE_NAME,LOLA_PROJECT_PATH,LOLA_HOOKfor context.Related Issues
Fixes #37
Checklist
pytest)ruff check src tests)uv run ruff format --check src tests)AI Disclosure
AI-assisted with Claude Code