Skip to content

[FEATURE] Framework-level enforced hook priority that cannot be overridden #1594

New issue
New issue
Open
Open
[FEATURE] Framework-level enforced hook priority that cannot be overridden#1594
Labels
enhancementNew feature or request
@nagabharann

Description

@nagabharann
nagabharann
opened on Jan 29, 2026

Problem Statement

There is no mechanism to enforce hook execution order at the framework level. Even with a priority API, users could potentially override or circumvent security-critical hook ordering. Security hooks need guaranteed execution order that cannot be bypassed.

Proposed Solution

Provide a mechanism for "system" or "framework" level hooks with enforced priority:

  1. Reserved priority levels that user hooks cannot access
  2. A separate registration path for framework-enforced hooks
  3. Configuration to lock certain priority ranges

Use Case

For enterprise and compliance use cases:

  1. Security scanning hooks must always run first—users should not be able to register hooks that run before them
  2. Audit logging hooks must always run last—users should not be able to suppress or run after them
  3. Compliance checks must have deterministic, tamper-proof execution order

Alternatives Solutions

Without framework enforcement, we must rely on documentation and trust, which is insufficient for security-critical scenarios.

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions