Skip to content

Commit c5a94f0

Browse files
Merge pull request #147 from mq-rest-admin-project/feature/146-hook-guard
chore(hooks): add Claude Code hook guard, scrub legacy hooksPath refs
2 parents 25147de + feebc22 commit c5a94f0

5 files changed

Lines changed: 56 additions & 17 deletions

File tree

.claude/hooks/guard.sh

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
#!/usr/bin/env bash
2+
# Claude Code PreToolUse hook shim.
3+
# Delegates to vrg-hook-guard if available; falls back to a
4+
# jq-based git/gh check that hard-denies when vergil-tooling
5+
# is not installed.
6+
set -euo pipefail
7+
8+
if command -v vrg-hook-guard &>/dev/null; then
9+
exec vrg-hook-guard
10+
fi
11+
12+
input=$(cat)
13+
command=$(printf '%s' "$input" | jq -r '.tool_input.command // empty')
14+
bin=$(printf '%s' "$command" | awk '{print $1}')
15+
base=$(basename "$bin" 2>/dev/null || printf '%s' "$bin")
16+
17+
case "$base" in
18+
git|gh)
19+
jq -n '{
20+
hookSpecificOutput: {
21+
hookEventName: "PreToolUse",
22+
permissionDecision: "deny",
23+
permissionDecisionReason: "vergil-tooling is not available. This repository requires a correctly configured environment — all git/gh operations are blocked until resolved."
24+
}
25+
}'
26+
exit 0
27+
;;
28+
esac
29+
30+
exit 0

.claude/settings.json

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,22 @@
11
{
2+
"permissions": {
3+
"allow": [
4+
"Bash(vrg-*)"
5+
]
6+
},
7+
"hooks": {
8+
"PreToolUse": [
9+
{
10+
"matcher": "Bash",
11+
"hooks": [
12+
{
13+
"type": "command",
14+
"command": "${CLAUDE_PROJECT_DIR}/.claude/hooks/guard.sh"
15+
}
16+
]
17+
}
18+
]
19+
},
220
"extraKnownMarketplaces": {
321
"vergil-marketplace": {
422
"source": {

CLAUDE.md

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -103,11 +103,9 @@ translation between Ruby idioms and native MQSC parameter names.
103103

104104
### Standard Tooling
105105

106-
```bash
107-
cd ../vergil-tooling && uv sync # Install vergil-tooling
108-
export PATH="../vergil-tooling/.venv/bin:../vergil-tooling/scripts/bin:$PATH" # Put tools on PATH
109-
git config core.hooksPath ../vergil-tooling/scripts/lib/git-hooks # Enable git hooks
110-
```
106+
The Claude Code PreToolUse hook guard (`.claude/hooks/guard.sh`)
107+
blocks raw `git` and `gh` commands — use `vrg-git` / `vrg-gh`
108+
wrappers.
111109

112110
### Environment Setup
113111

docs/repository-standards.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
- Before modifying any files, check the current branch with `git status -sb`.
1515
- If on `develop`, create a short-lived `feature/*` branch or ask for explicit approval to proceed on `develop`.
1616
- If approval is granted to work on `develop`, call it out in the response and proceed only for that user-approved scope.
17-
- Enable repository git hooks before committing: `git config core.hooksPath .githooks`.
17+
- The Claude Code hook guard (`.claude/hooks/guard.sh`) blocks raw `git`/`gh` — use `vrg-git`/`vrg-gh`.
1818

1919
## Local validation
2020

docs/site/docs/development/developer-setup.md

Lines changed: 4 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -65,18 +65,11 @@ bundle exec rubocop -A # Auto-fix
6565
gem build mq-rest-admin.gemspec
6666
```
6767

68-
## Git hooks
68+
## Claude Code hook guard
6969

70-
Enable repository git hooks before committing:
71-
72-
```bash
73-
git config core.hooksPath scripts/git-hooks
74-
```
75-
76-
The hooks enforce:
77-
78-
- **pre-commit**: Branch naming conventions and protected branch rules
79-
- **commit-msg**: Conventional Commits format and co-author trailer validation
70+
The `.claude/hooks/guard.sh` PreToolUse hook blocks raw `git` and
71+
`gh` commands in AI agent sessions — all operations must go through
72+
the `vrg-git` / `vrg-gh` wrappers.
8073

8174
## Documentation
8275

0 commit comments

Comments
 (0)