chore(hooks): add precommit and push hooks (#186) #190
Open
natashaannn wants to merge 1 commit into
Eight checks run on branch-changed files vs main: package safety (pnpm audit + manual review gate on new dependencies), secret scanning (gitleaks v8.27.2), unsafe TypeScript casts (`as any`, `as unknown as X` in source files), lint and type suppression comments (`eslint-disable`, `oxlint-disable`, `@ts-ignore`, `@ts-nocheck`, `@ts-expect-error` outside test files), `tsc --noEmit`, `go test ./...`, `golangci-lint run`, and `pnpm test` (gated on `vitest.config.ts`). Each check has a `SKIP_*` env var override that prints a warning and requires justification in the PR description. `git push --no-verify` bypasses all checks.

Also: gitleaks added to Makefile `tools` target; `lint-staged` extended with `*.go: make lint`; Git Hooks section added to CONTRIBUTING.md with full check table and override reference; `SKIP_*` vars documented as comments in `.env.example`; test harness at `scripts/test-pre-push.sh` (32 assertions, all passing).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
🚀 Summary

Adds Husky git hooks to catch AI coding mispractices and enforce quality gates before code enters the shared `main` branch.

The pre-push hook specifically guards against patterns AI agents commonly produce: unsafe double casts (`as unknown as`), `as any`, lint/type suppression comments, and supply-chain risks from unreviewed packages.

✏️ Changes

- `.husky/pre-push`: new hook with 8 checks — package safety (pnpm audit + new-dependency gate), gitleaks secret scanning, unsafe TS casts, lint/type suppression comments, `tsc --noEmit`, `go test ./...`, `golangci-lint run`, and frontend tests
- `Makefile`: added `gitleaks` install target and `make secrets BASE=...` target; added Windows EXE suffix handling; updated `make tools` to install both golangci-lint and gitleaks
- `.lintstagedrc.js`: added `*.go` entry that runs `make lint` (golangci-lint project-wide)
- `CONTRIBUTING.md`: added `## Git Hooks` section documenting both hooks, all 8 pre-push checks with triggers, and per-check `SKIP_*` override env vars
- `.env.example`: added commented-out `SKIP_*` override vars with descriptions
- `scripts/test-pre-push.sh`: 32-assertion integration test covering all 8 checks, scoping logic, and all override env vars

🧪 Test Plan

- `bash scripts/test-pre-push.sh` — 32/32 assertions pass, 0 failed, 0 skipped
- `package.json` entry → blocked by check 1, lists packages and review checklist
- `SKIP_PKG_CHECK=1 git push` → passes with warning and checklist reminder
- `AKIA1234567890ABCDEF` in diff → blocked by gitleaks (check 2)
- `as unknown as Foo` in source TS → blocked by check 3
- `// oxlint-disable` in TS → blocked by check 4
- `@ts-expect-error` in `*.test.ts` only → passes check 4
- `git push --no-verify` → bypasses all checks (standard git behaviour)

Issues

Closes #186
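
One way checks 3 and 4 from the description above could be implemented, as an added example that is not the PR's `.husky/pre-push`. The function names, the `SKIP_CAST_CHECK` and `SKIP_SUPPRESS_CHECK` variables, and the treatment of `*.test.ts`/`*.test.tsx` as the only test files are assumptions.

```shell
# Added example, not the PR's .husky/pre-push. Function names and the two
# SKIP_* names are hypothetical (the page names only SKIP_PKG_CHECK).

# Check 3: `as any` or `as unknown as`; a bare `as unknown` is not flagged.
CAST_RE='(^|[^[:alnum:]_])as[[:space:]]+(any|unknown[[:space:]]+as)([^[:alnum:]_]|$)'
# Check 4: lint and type suppression comments.
SUPPRESS_RE='eslint-disable|oxlint-disable|@ts-ignore|@ts-nocheck|@ts-expect-error'

is_test_file() {                     # assumed definition of a test file
  case "$1" in
    *.test.ts|*.test.tsx) return 0 ;;
    *) return 1 ;;
  esac
}

# scan_ts_file PATH: prints file:line:text per finding, returns 1 if any.
scan_ts_file() {
  found=0
  case "$1" in *.ts|*.tsx) ;; *) return 0 ;; esac
  [ -f "$1" ] || return 0            # path no longer exists on the branch
  if [ -n "${SKIP_CAST_CHECK:-}" ]; then
    echo "WARNING: check 3 skipped, justify in the PR description" >&2
  elif grep -nHE "$CAST_RE" "$1"; then
    echo "check 3: unsafe cast in $1" >&2; found=1
  fi
  if is_test_file "$1"; then
    :                                # check 4 exempts test files
  elif [ -n "${SKIP_SUPPRESS_CHECK:-}" ]; then
    echo "WARNING: check 4 skipped, justify in the PR description" >&2
  elif grep -nHE "$SUPPRESS_RE" "$1"; then
    echo "check 4: suppression comment in $1" >&2; found=1
  fi
  return "$found"
}

# scan_paths: one path per line on stdin; returns 1 if any file has a finding.
scan_paths() {
  rc=0
  while IFS= read -r path; do
    scan_ts_file "$path" || rc=1
  done
  return "$rc"
}

# In a hook (branch-changed files vs main, deleted files left out):
#   git diff --name-only --diff-filter=ACMR main...HEAD | scan_paths || exit 1
```

Because `grep` matches text rather than syntax, a comment such as `same as any other` also trips check 3 in this version.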