authorCraig Jennings <c@cjennings.net>2026-06-28 12:24:59 -0400
committerCraig Jennings <c@cjennings.net>2026-06-28 12:24:59 -0400
commit92dfc355d2292c6d6c17a51cf2f83b8ba033596a (patch)
treef21e1e1bc6a207fe74911888d0d0ad53a1e95777 /hooks/_common.py
parent797c4267022699527a5e7c51f67be52e6fac1409 (diff)
feat(hooks): block bundled test+commit, require full suite before commit
I tightened the before-committing rule in verification.md and commits.md from "run tests" to "run the full suite as its own step and commit only on zero failures." A PreToolUse hook now backs it: it denies a test runner chained into git commit through an ungated connector, and lets the gated && form pass. I added a respond_deny helper. Tests cover the connector cases.
Diffstat (limited to 'hooks/_common.py')
-rw-r--r--hooks/_common.py18
1 files changed, 18 insertions, 0 deletions
diff --git a/hooks/_common.py b/hooks/_common.py
index e82f7ed..c1e0578 100644
--- a/hooks/_common.py
+++ b/hooks/_common.py
@@ -65,6 +65,24 @@ def respond_ask(reason: str, system_message: Optional[str] = None) -> None:
print(json.dumps(output))
+def respond_deny(reason: str, system_message: Optional[str] = None) -> None:
+ """Emit a PreToolUse response that blocks the tool call outright.
+
+ Unlike `respond_ask`, the user gets no approve option — the call is denied
+ and `reason` tells the agent why, so it can restructure and retry.
+ """
+ output: dict = {
+ "hookSpecificOutput": {
+ "hookEventName": "PreToolUse",
+ "permissionDecision": "deny",
+ "permissionDecisionReason": reason,
+ }
+ }
+ if system_message:
+ output["systemMessage"] = system_message
+ print(json.dumps(output))
+
+
def read_referenced_file(path: str, max_bytes: int = 1_000_000) -> Optional[str]:
"""Read a local file referenced by -F/--file/--body-file so its text can be
attribution-scanned. Return the text, or None if it can't be safely read
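Review bot: `respond_deny` only prints the decision and returns, so the block holds only if the caller writes nothing else to stdout and exits cleanly afterwards, and the new docstring does not say so. If the hook host parses stdout as a single JSON document and discards it on a non-zero exit (not visible in this hunk, worth confirming), a stray print or an exception after this call would let the denied tool call through. I would add a line to the docstring such as `Call this last: write nothing else to stdout and return/exit 0 right after, or the host may ignore the decision.` Since `reason` is handed back to the agent, it is also worth noting there that callers should pass fixed explanatory text rather than echoing the blocked command into it.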