feat: add block-no-verify hook for Claude Code and Cursor (#649)

Adds npx block-no-verify@1.1.2 as a PreToolUse Bash hook in hooks/hooks.json and a beforeShellExecution hook in .cursor/hooks.json to prevent AI agents from bypassing git hooks via the hook-bypass flag. This closes the last enforcement gap in the ECC security stack — the bypass flag silently skips pre-commit, commit-msg, and pre-push hooks. Closes #648 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-30 13:43:26 +08:00 · 2026-03-20 15:50:31 +07:00
parent 8511d84042
commit c8f631b046
2 changed files with 15 additions and 0 deletions
--- a/hooks/hooks.json
+++ b/hooks/hooks.json
@@ -2,6 +2,16 @@
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
  "hooks": {
    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx block-no-verify@1.1.2"
+          }
+        ],
+        "description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped"
+      },
      {
        "matcher": "Bash",
        "hooks": [