feat: enforce feature branch workflow with PreToolUse hook

Add a guard script that blocks git commit/push on protected branches (develop, main, master) via a PreToolUse hook. Update CLAUDE.md with stricter branching rules: one commit per task, immediate commits on feature branches, no direct commits to protected branches. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 10:45:58 +01:00
parent 93a90f4ba7
commit 0d6174067e
3 changed files with 40 additions and 9 deletions
--- a/.claude/guard-branch.sh
+++ b/.claude/guard-branch.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# PreToolUse hook for Bash tool: blocks git commit/push on protected branches.
+# TOOL_INPUT is JSON with a "command" field containing the bash command.
+
+PROTECTED_BRANCHES=("develop" "main" "master")
+
+COMMAND="${TOOL_INPUT:-}"
+
+# Only check commands that look like git commit or git push
+if ! echo "$COMMAND" | grep -qE '\bgit\b.*(commit|push)'; then
+  exit 0
+fi
+
+BRANCH="$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "")"
+
+for protected in "${PROTECTED_BRANCHES[@]}"; do
+  if [[ "$BRANCH" == "$protected" ]]; then
+    echo "BLOCKED: Cannot commit or push on protected branch '$BRANCH'."
+    echo "Create a feature branch first: git checkout -b feature/<name>"
+    exit 2
+  fi
+done
+
+exit 0