ui-tokenize
PreToolUse hook that rewrites hardcoded UI values to design-token references before they hit disk.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for ui-tokenize, derived from its capabilities.
AIVSS 7.8 ยท High
View MAESTRO 7-layer threat model โOverview
A Claude Code plugin that blocks hardcoded UI literals from LLM-written code: a rewrite-first PreToolUse hook silently corrects literals to design-token references on the way to disk, denies uncertain matches with suggestions in strict mode, and can surface advisories in PostToolUse. It intercepts and mutates file writes, so it sits directly on the write trust boundary.
Key features
- Rewrite-first PreToolUse hook
- Strict/advisory enforcement modes
- token-reviewer agent for semantic checks
Use cases
- Enforce design tokens in generated UI
- Block hardcoded colors/spacing on write