From 36af850dcb4a2edcf9b219c8d00c9e9ba5a06287 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Tue, 21 Apr 2026 09:26:18 -0500 Subject: hooks: git-commit-confirm becomes silent-unless-suspicious MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The hook used to emit a confirmation modal on every git commit. That produced too many benign interruptions — the modal fired even on clean, well-formed, attribution-free commits. Now it only emits a modal when one of these safety checks fires: - AI-attribution patterns in the commit message (Co-Authored-By: Claude, robot emoji, Generated-with-AI footers, etc.) — the primary leak - Message not parseable from command line (editor would open, which silently blocks Claude) - No files staged (the commit would fail anyway) - Git author unusable (user.name / user.email not configured) Clean commits pass through silent. The AI-attribution scan is unchanged; the always-on review is gone. README updated to describe the new behavior. --- hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'hooks/README.md') diff --git a/hooks/README.md b/hooks/README.md index 5555514..09abe09 100644 --- a/hooks/README.md +++ b/hooks/README.md @@ -7,7 +7,7 @@ Machine-wide Claude Code hooks that install into `~/.claude/hooks/` and apply to | Hook | Trigger | Purpose | |---|---|---| | `precompact-priorities.sh` | `PreCompact` | Injects a priority-preservation block into Claude's compaction prompt so the generated summary retains information most expensive to reconstruct (unanswered questions, root causes with `file:line`, subagent findings, exact numbers/IDs, A-vs-B decisions, open TODOs, classified-data handling). | -| `git-commit-confirm.py` | `PreToolUse(Bash)` | Gates `git commit` behind a confirmation modal showing the parsed message, staged files, diff stats, and git author. Parses both HEREDOC and `-m`/`--message` forms. | +| `git-commit-confirm.py` | `PreToolUse(Bash)` | Silent-unless-suspicious gate on `git commit`. Only prompts when the message contains AI-attribution patterns, the message can't be parsed (editor would open), no files are staged, or the git author is unusable. Clean commits pass through without a modal. Parses both HEREDOC and `-m`/`--message` forms. | | `gh-pr-create-confirm.py` | `PreToolUse(Bash)` | Gates `gh pr create` behind a confirmation modal showing title, base←head, reviewers, labels, assignees, milestone, draft flag, and body (HEREDOC or quoted). | | `destructive-bash-confirm.py` | `PreToolUse(Bash)` | Gates destructive commands (`git push --force`, `git reset --hard`, `git clean -f`, `git branch -D`, `rm -rf`) with a modal showing the command, local context (branch, uncommitted file counts, targeted paths), and a warning banner. Elevates severity when force-pushing protected branches or targeting root/home/wildcard paths. | -- cgit v1.2.3