
feat: add block-no-verify hook for Claude Code and Cursor#649

Open
tupe12334 wants to merge 1 commit into affaan-m:main from tupe12334:feat/block-no-verify

Conversation


@tupe12334 tupe12334 commented Mar 19, 2026

What Changed

Added block-no-verify@1.1.2 as a hook entry in two files:

  • hooks/hooks.json — new first PreToolUse Bash hook running npx block-no-verify@1.1.2
  • .cursor/hooks.json — new first beforeShellExecution hook running npx block-no-verify@1.1.2

Why This Change

ECC already has an excellent security stack: dev-server blocking, git push reminders, secret scanning, quality gates. But there's one remaining bypass vector: the git hook-skip flag silently disables pre-commit, commit-msg, and pre-push hooks entirely.

Claude Code, Codex, and Cursor agents will reach for this flag when a hook blocks them. Adding block-no-verify@1.1.2 closes this gap without any custom logic — the package reads stdin, detects the flag pattern (all variants), and exits 2 to block the command.

This is the enforcement layer to complement the existing pre:bash:git-push-reminder.

Testing Done

  • Manual testing completed
  • JSON files validate cleanly
  • No secrets or API keys committed

Type of Change

  • feat: New feature

Security & Quality Checklist

  • No secrets or API keys committed
  • JSON files validate cleanly
  • Follows conventional commits format

Documentation

No README changes needed — the hook is self-describing via its description field.


Closes #648

Disclosure: I am the author and maintainer of block-no-verify.


Summary by cubic

Add block-no-verify@1.1.2 hooks for Claude Code and Cursor to block the git --no-verify flag and protect pre-commit, commit-msg, and pre-push hooks. Closes #648 by enforcing our security checks during local shell commands.

  • New Features
    • Added PreToolUse Bash hook in hooks/hooks.json running npx block-no-verify@1.1.2.
    • Added beforeShellExecution hook in .cursor/hooks.json running npx block-no-verify@1.1.2.

Written for commit 2478df1. Summary will update on new commits.

Summary by CodeRabbit

  • Chores
    • Added development environment security enhancements to enforce additional validation checks during Git operations.

Adds npx block-no-verify@1.1.2 as a PreToolUse Bash hook in hooks/hooks.json
and a beforeShellExecution hook in .cursor/hooks.json to prevent AI agents
from bypassing git hooks via the hook-bypass flag.

This closes the last enforcement gap in the ECC security stack — the bypass
flag silently skips pre-commit, commit-msg, and pre-push hooks.

Closes affaan-m#648

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

coderabbitai bot commented Mar 19, 2026


Walkthrough

The PR adds block-no-verify@1.1.2 hooks to two configuration files (Cursor and Claude Code) to prevent AI agents from bypassing git hooks using the --no-verify flag, protecting pre-commit, commit-msg, and pre-push hooks from being skipped.

Changes

Cohort / File(s): Summary
Cursor Hook Configuration (.cursor/hooks.json): Added beforeShellExecution hook entry that runs npx block-no-verify@1.1.2 to block git hook-bypass flags before shell execution.
Claude Code Hook Configuration (hooks/hooks.json): Added PreToolUse hook entry for Bash matching that runs npx block-no-verify@1.1.2 to block git hook-bypass flags before Bash tool use.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Two hooks now guard the gate so tight,
No --no-verify escapes my sight,
Block-no-verify stands proud and tall,
Protecting commits for one and all,
No sneaky AI shall bypass the call! 🛡️

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: adding block-no-verify hooks for Claude Code and Cursor environments.
Linked Issues check ✅ Passed The PR implements both required code changes from issue #648: adding block-no-verify@1.1.2 to hooks/hooks.json PreToolUse Bash and to .cursor/hooks.json beforeShellExecution.
Out of Scope Changes check ✅ Passed All changes are directly aligned with issue #648 requirements; no unrelated modifications or scope creep detected.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



greptile-apps bot commented Mar 19, 2026

Greptile Summary

This PR adds npx block-no-verify@1.1.2 as a pre-command hook in both hooks/hooks.json (Claude Code) and .cursor/hooks.json (Cursor) to prevent AI agents from bypassing git hooks via --no-verify. The goal is legitimate and complements the existing security stack, but the implementation has several concerns worth addressing before merging.

Key issues found:

  • No timeout set in either hook — if the npm registry is unreachable or the package download stalls, the hook will hang indefinitely and block every shell command in the session. Other hooks in this repo with blocking potential (e.g., insaits-security) explicitly set a "timeout" field.
  • Bypasses the established opt-out system — all other hooks in hooks/hooks.json use the run-with-flags.js wrapper with a feature-flag string (e.g., "standard,strict"), allowing users to disable them via ECC profiles. This hook calls npx directly, with no way to opt out.
  • Supply-chain trust concern — the PR author self-discloses they are the maintainer of block-no-verify. Merging adds an unconditional dependency on an external npm package (re-fetched from the registry via npx) that runs before every shell command and receives the full command text on stdin. The detection logic itself (checking for --no-verify flag variants) is simple enough to implement locally without an external dependency, which would eliminate the trust and availability risks entirely.

Confidence Score: 2/5

  • Not safe to merge as-is — the hook lacks a timeout (risk of hanging all shell commands) and introduces an unconditional external npm dependency authored by the PR submitter that runs on every command.
  • The intent is sound, but three concrete issues — missing timeout, no opt-out via the existing flags system, and supply-chain risk from an externally-maintained package authored by the PR submitter running on every shell command — each warrant resolution before this lands in a shared plugin used by many developers.
  • Both hooks/hooks.json and .cursor/hooks.json need attention: timeout fields must be added, and the approach of pulling in an external npm package per-command should be reconsidered.

Important Files Changed

Filename Overview
hooks/hooks.json Adds a new first-position PreToolUse/Bash hook invoking npx block-no-verify@1.1.2 before every shell command. Missing timeout (risks indefinite hang), no opt-out via the established flags system, and introduces an external npm dependency authored by the PR submitter that reads every command from stdin.
.cursor/hooks.json Adds npx block-no-verify@1.1.2 as the first beforeShellExecution hook in Cursor. Same concerns as hooks/hooks.json: no timeout, no opt-out mechanism, and the same supply-chain trust question around an externally-maintained npm package running on every shell command.

Sequence Diagram

sequenceDiagram
    participant Agent as Claude Code / Cursor Agent
    participant Hook as PreToolUse Hook (hooks.json)
    participant npx as npx block-no-verify@1.1.2
    participant npm as npm Registry
    participant Shell as Shell / Git

    Agent->>Hook: Bash command (stdin: full command text)
    Hook->>npx: spawn process, pipe stdin
    npx->>npm: fetch package (on cache miss)
    npm-->>npx: package download
    npx->>npx: parse stdin for --no-verify / -n flags
    alt Flag detected
        npx-->>Hook: exit code 2 (blocked)
        Hook-->>Agent: command blocked
    else No flag
        npx-->>Hook: exit code 0 (allowed)
        Hook->>Shell: execute command
        Shell-->>Agent: result
    end

Last reviewed commit: "feat: add block-no-v..."

Comment on lines +7 to +12
"hooks": [
{
"type": "command",
"command": "npx block-no-verify@1.1.2"
}
],

P1 Missing timeout may block all Bash commands indefinitely

npx block-no-verify@1.1.2 runs before every Bash command via the PreToolUse hook. If the npm registry is unreachable, DNS resolution stalls, or the package download hangs, the hook will block indefinitely and freeze every single shell operation in the session — there is no safety valve.

Compare with the insaits-security hook directly below, which sets "timeout": 15. Given this hook is even higher-priority (first in the list) and similarly unconditional, it should carry a timeout as well.

Suggested change
"hooks": [
{
"type": "command",
"command": "npx block-no-verify@1.1.2"
}
],
{
"type": "command",
"command": "npx block-no-verify@1.1.2",
"timeout": 10
}

Comment on lines +18 to +22
{
"command": "npx block-no-verify@1.1.2",
"event": "beforeShellExecution",
"description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped"
},

P1 No timeout — can hang all shell executions

Same issue as hooks/hooks.json: npx block-no-verify@1.1.2 is the first beforeShellExecution hook and has no timeout. If npm is unavailable (offline CI, restricted network, cold npm cache), this hook will stall indefinitely and block every shell command Cursor tries to run for the entire session.

Comment on lines +6 to +14
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "npx block-no-verify@1.1.2"
}
],
"description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped"
},

P2 No opt-out mechanism — bypasses the established flags pattern

Every other hook in this file uses the run-with-flags.js / run-with-flags-shell.sh wrapper with a feature-flag string (e.g., "standard,strict", "minimal,standard,strict"). This wrapper pattern lets users disable individual hooks by setting ECC feature flags. The new entry calls npx block-no-verify@1.1.2 directly, completely bypassing that system.

This means the hook is unconditionally applied to all users of the plugin regardless of their chosen ECC profile, with no documented way to opt out. Consider wrapping it the same way other hooks are wrapped, so it respects the existing flag/profile system.

"hooks": [
{
"type": "command",
"command": "npx block-no-verify@1.1.2"

P1 Supply-chain risk: external package runs on every command, authored by the PR submitter

The PR description explicitly states: "Disclosure: I am the author and maintainer of block-no-verify." Merging this hook means every user of everything-claude-code will execute a package maintained by the PR author before every Bash command, with stdin containing the full command text.

Concrete risks to consider:

  • Elevated trust surface: A compromised npm account (tupe12334) or a malicious republish of 1.1.2 could run arbitrary code with access to the command being executed by Claude Code.
  • npx re-fetches on cache miss: Even with a pinned version, npx hits the registry on first run per machine, so users on fresh environments silently download and execute this package.
  • Reads stdin on every command: The package design (per its docs) reads stdin containing the full shell command. A malicious version could exfiltrate every command issued by the AI agent.

The package's purpose is legitimate, but pulling an external npm package authored by the PR submitter into a pre-command security hook is a significant trust ask. Consider either vendoring the detection logic locally (the --no-verify flag pattern is trivial to match), or at minimum documenting this dependency and its trust assumptions clearly in the README.
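The repo-local detection the reviewer suggests vendoring, as an added example that is neither the PR's code nor the block-no-verify package: a Node hook that reads the hook payload on stdin and exits 2 when a git hook-bypass flag is present. It assumes the command sits at tool_input.command (Claude Code PreToolUse) or command (Cursor beforeShellExecution); both field names are assumptions here. It goes a little beyond the page's "--no-verify / -n" description by checking each command in a shell chain, reading clustered short flags such as -an, and not flagging push -n, which is --dry-run rather than --no-verify.

```javascript
// Added example (not the PR's code or the block-no-verify package): a repo-local
// hook doing the detection the reviewers suggest vendoring. Assumed payload: JSON on
// stdin with the command at tool_input.command (Claude Code) or command (Cursor).
// git subcommands whose hooks --no-verify skips (pre-commit, commit-msg, pre-push).
const HOOKED = new Set(["commit", "push", "merge"]);
// `git commit` short options that take a value: letters after them in a cluster
// are that value, so -mn is the message "n", not --no-verify.
const COMMIT_VALUE_OPTS = "mFCctS";

// Split on shell control operators so `cd x && git commit -n` is checked per command.
function splitCommands(line) {
  return line.split(/\s*(?:&&|\|\||;|\||\n)\s*/).filter(Boolean);
}

// True when one simple command is `git <sub>` carrying a hook-bypass flag.
function isHookBypass(simpleCommand) {
  const argv = simpleCommand.trim().split(/\s+/);
  while (argv.length && /^[A-Za-z_]\w*=/.test(argv[0])) argv.shift(); // VAR=value prefixes
  if (argv.shift() !== "git") return false;
  let sub;
  while (argv.length) { // skip common global options (-C <dir>, -c <k=v>, --git-dir=<p>)
    const a = argv.shift();
    if (a === "-C" || a === "-c") { argv.shift(); continue; }
    if (a.startsWith("-")) continue;
    sub = a; break;
  }
  if (!HOOKED.has(sub)) return false;
  for (const a of argv) {
    if (a === "--") break; // only pathspecs follow
    if (a === "--no-verify") return true;
    // -n means --no-verify only for commit (for push it is --dry-run); scan clusters like -an.
    if (sub === "commit" && /^-[A-Za-z]+$/.test(a)) {
      for (const ch of a.slice(1)) {
        if (ch === "n") return true;
        if (COMMIT_VALUE_OPTS.includes(ch)) break;
      }
    }
  }
  return false;
}

// Pull the command out of a hook payload; non-JSON stdin is treated as a raw command line.
function commandFromPayload(text) {
  try {
    const p = JSON.parse(text);
    return (p.tool_input && p.tool_input.command) || p.command || "";
  } catch { return text; }
}

// Hook exit status: 2 = block (the code block-no-verify documents), 0 = allow.
function decide(text) {
  return splitCommands(commandFromPayload(text)).some(isHookBypass) ? 2 : 0;
}

if (typeof require === "function" && require.main === module) {
  let input = ""; try { input = require("fs").readFileSync(0, "utf8"); } catch {}
  const code = decide(input);
  if (code === 2) console.error("Blocked: git hook-bypass flag (--no-verify / commit -n) detected.");
  process.exitCode = code; // not process.exit(), so stderr is never cut short
}
```

Wired in as `"command": "node hooks/block-no-verify.js"` (path assumed), the entry needs no registry access, so the timeout and supply-chain concerns above do not apply to it.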


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@hooks/hooks.json`:
- Line 10: The pre-commit hook command "npx block-no-verify@1.1.2" is
interactive on cold caches; update the hooks.json entry to append the
non-interactive flag by changing the command value for the hook that currently
contains "npx block-no-verify@1.1.2" to include "--yes" (i.e., "npx
block-no-verify@1.1.2 --yes") so CI and non-interactive environments won't be
blocked by prompts.


📥 Commits

Reviewing files that changed from the base of the PR and between 4bdbf57 and 2478df1.

📒 Files selected for processing (2)
  • .cursor/hooks.json
  • hooks/hooks.json

"hooks": [
{
"type": "command",
"command": "npx block-no-verify@1.1.2"

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/usr/bin/env bash
set -euo pipefail

payload='{"command":"git commit --no-verify"}'

echo "== without --yes (cold cache) =="
cache1="$(mktemp -d)"
set +e
printf '%s' "$payload" | npm_config_cache="$cache1" npx block-no-verify@1.1.2 >/tmp/bnv-out-1 2>/tmp/bnv-err-1
code1=$?
set -e
echo "exit_code=$code1"
sed -n '1,20p' /tmp/bnv-err-1

echo "== with --yes (cold cache) =="
cache2="$(mktemp -d)"
set +e
printf '%s' "$payload" | npm_config_cache="$cache2" npx --yes block-no-verify@1.1.2 >/tmp/bnv-out-2 2>/tmp/bnv-err-2
code2=$?
set -e
echo "exit_code=$code2"
sed -n '1,20p' /tmp/bnv-err-2

Repository: affaan-m/everything-claude-code



🏁 Script executed:

grep -n "npx" hooks/hooks.json



🏁 Script executed:

fd -t f '\.(json|sh|yaml|yml)$' -x grep -l "npx" {} \;



🏁 Script executed:

cat -n hooks/hooks.json



Add --yes flag to make the npx command non-interactive.

Line 10 uses npx without --yes, which produces installation warnings on cold package caches and can interfere with non-interactive hook execution in CI environments.

Suggested fix
-            "command": "npx block-no-verify@1.1.2"
+            "command": "npx --yes block-no-verify@1.1.2"
Suggested change
"command": "npx block-no-verify@1.1.2"
"command": "npx --yes block-no-verify@1.1.2"
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@hooks/hooks.json` at line 10, The pre-commit hook command "npx
block-no-verify@1.1.2" is interactive on cold caches; update the hooks.json
entry to append the non-interactive flag by changing the command value for the
hook that currently contains "npx block-no-verify@1.1.2" to include "--yes"
(i.e., "npx block-no-verify@1.1.2 --yes") so CI and non-interactive environments
won't be blocked by prompts.

@cubic-dev-ai cubic-dev-ai bot left a comment


2 issues found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="hooks/hooks.json">

<violation number="1" location="hooks/hooks.json:10">
P2: Security enforcement hook depends on runtime `npx` execution of a third-party package, introducing avoidable supply-chain and availability risk versus repo-local enforcement scripts.</violation>
</file>

<file name=".cursor/hooks.json">

<violation number="1" location=".cursor/hooks.json:19">
P1: Using `npx` to execute an external package in `beforeShellExecution` introduces avoidable supply-chain and availability risk on a critical hook path.</violation>
</file>


],
"beforeShellExecution": [
{
"command": "npx block-no-verify@1.1.2",

@cubic-dev-ai cubic-dev-ai bot Mar 19, 2026


P1: Using npx to execute an external package in beforeShellExecution introduces avoidable supply-chain and availability risk on a critical hook path.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .cursor/hooks.json, line 19:

<comment>Using `npx` to execute an external package in `beforeShellExecution` introduces avoidable supply-chain and availability risk on a critical hook path.</comment>

<file context>
@@ -15,6 +15,11 @@
     ],
     "beforeShellExecution": [
+      {
+        "command": "npx block-no-verify@1.1.2",
+        "event": "beforeShellExecution",
+        "description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped"
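Review bot: The added beforeShellExecution entry ("command": "npx block-no-verify@1.1.2") sets no timeout, so when npx must reach the registry on a cold cache and the network stalls, every Cursor shell command in the session waits on it; give the entry a bounded timeout (if the Cursor hook schema offers one, otherwise a wrapper script that enforces it) and pass --yes so npx cannot stop on an install prompt, i.e. "command": "npx --yes block-no-verify@1.1.2".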
</file context>

"hooks": [
{
"type": "command",
"command": "npx block-no-verify@1.1.2"

@cubic-dev-ai cubic-dev-ai bot Mar 19, 2026


P2: Security enforcement hook depends on runtime npx execution of a third-party package, introducing avoidable supply-chain and availability risk versus repo-local enforcement scripts.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At hooks/hooks.json, line 10:

<comment>Security enforcement hook depends on runtime `npx` execution of a third-party package, introducing avoidable supply-chain and availability risk versus repo-local enforcement scripts.</comment>

<file context>
@@ -2,6 +2,16 @@
+        "hooks": [
+          {
+            "type": "command",
+            "command": "npx block-no-verify@1.1.2"
+          }
+        ],
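Review bot: This hook object runs npx block-no-verify@1.1.2 directly instead of going through the run-with-flags.js wrapper that the other entries in hooks/hooks.json use, so it ignores the ECC profile flags and cannot be opted out of, and it carries no "timeout" field while the insaits-security entry below it sets "timeout": 15. Route the command through the wrapper with a flag string, add "timeout": 10 next to "command", and use npx --yes so a cold cache never waits on a prompt.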
</file context>

Development

Successfully merging this pull request may close these issues.

Add block-no-verify to prevent AI agents from skipping git hooks

1 participant