From c8f631b0466ee963abc001b14421471ea6221176 Mon Sep 17 00:00:00 2001 From: Ofek Gabay <61761153+tupe12334@users.noreply.github.com> Date: Fri, 20 Mar 2026 15:50:31 +0700 Subject: [PATCH] feat: add block-no-verify hook for Claude Code and Cursor (#649) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds npx block-no-verify@1.1.2 as a PreToolUse Bash hook in hooks/hooks.json and a beforeShellExecution hook in .cursor/hooks.json to prevent AI agents from bypassing git hooks via the hook-bypass flag. This closes the last enforcement gap in the ECC security stack — the bypass flag silently skips pre-commit, commit-msg, and pre-push hooks. Closes #648 Co-authored-by: Claude Sonnet 4.6 --- .cursor/hooks.json | 5 +++++ hooks/hooks.json | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/.cursor/hooks.json b/.cursor/hooks.json index f46121b8..56969a1f 100644 --- a/.cursor/hooks.json +++ b/.cursor/hooks.json @@ -15,6 +15,11 @@ } ], "beforeShellExecution": [ + { + "command": "npx block-no-verify@1.1.2", + "event": "beforeShellExecution", + "description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped" + }, { "command": "node .cursor/hooks/before-shell-execution.js", "event": "beforeShellExecution", diff --git a/hooks/hooks.json b/hooks/hooks.json index a3d23262..d3432a2f 100644 --- a/hooks/hooks.json +++ b/hooks/hooks.json @@ -2,6 +2,16 @@ "$schema": "https://json.schemastore.org/claude-code-settings.json", "hooks": { "PreToolUse": [ + { + "matcher": "Bash", + "hooks": [ + { + "type": "command", + "command": "npx block-no-verify@1.1.2" + } + ], + "description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped" + }, { "matcher": "Bash", "hooks": [