@codyswann/lisa 2.163.4 → 2.163.5

package/dist/codex/scripts/block-no-verify.sh

@@ -2,10 +2,10 @@
 # Lisa-managed Codex hook script (PreToolUse Bash).
 # Blocks git commands that bypass verification hooks: the --no-verify long flag,
 # HUSKY=0 / HUSKY_SKIP_HOOKS= (disables husky hooks), and core.hooksPath pointed
-# at /dev/null or set empty (disables all git hooks). The short `-n` form is
-# intentionally NOT matched (parity with block-no-verify.sh / .agy.sh): grep
-# cannot distinguish it from -n in commit-message prose or an unrelated piped
-# command, and -n is far more common than --no-verify.
+# at /dev/null or set empty (disables all git hooks). Shell-token matching
+# avoids false positives from issue bodies, heredocs, and commit-message prose
+# while still catching quoted real argv values such as
+# `git -c "core.hooksPath=/dev/null"`.
 set -euo pipefail
 
 input="$(cat 2>/dev/null || true)"
@@ -18,11 +18,65 @@ tool_name="$(printf '%s' "$input" | jq -r '.tool_name // empty' 2>/dev/null || t
 command_str="$(printf '%s' "$input" | jq -r '.tool_input.command // empty' 2>/dev/null || true)"
 [ -n "$command_str" ] || exit 0
 
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || exit 0
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   jq -n '{
     "hookSpecificOutput": {
       "hookEventName": "PreToolUse",

package/package.json

@@ -85,7 +85,7 @@
     "lodash": ">=4.18.1"
   },
   "name": "@codyswann/lisa",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
   "main": "dist/index.js",
   "exports": {

package/plugins/lisa/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Universal governance: agents, skills, commands, hooks, and rules for all projects.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa/hooks/block-no-verify.agy.sh

@@ -3,8 +3,9 @@
 # git quality gates (exact parity with the Claude block-no-verify.sh): the
 # `--no-verify` long flag, `HUSKY=0`/`HUSKY_SKIP_HOOKS=` (disables husky hooks),
 # and `core.hooksPath` pointed at /dev/null or set empty (disables all git
-# hooks). The short `-n` form is intentionally NOT matched, to avoid false
-# positives (see the matching block below).
+# hooks). Shell-token matching avoids false positives from issue bodies,
+# heredocs, and commit-message prose while still catching quoted real argv
+# values such as `git -c "core.hooksPath=/dev/null"`.
 #
 # agy protocol (distinct from the Claude block-no-verify.sh exit-code protocol):
 #   - stdin  = JSON: { "toolCall": { "name": "run_command",
@@ -34,17 +35,65 @@ input="$(cat 2>/dev/null || true)"
 command_str="$(printf '%s' "$input" | jq -r '.toolCall.args.CommandLine // empty' 2>/dev/null || true)"
 [ -z "$command_str" ] && allow
 
-# Each pattern is bounded so longer flags (--no-verify-ssl) and legit values
-# (core.hooksPath=.husky, HUSKY=1) don't match, while every syntactic position
-# is caught (incl. subshells). Exact parity with the Claude block-no-verify.sh.
-# The short `-n` form is intentionally NOT matched — `-n` appears in commit
-# message prose (`git commit -m "fix -n flag"`) and unrelated piped commands
-# (`sort -n x; git commit`), so guarding it false-positives on valid work.
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || allow
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   deny
 fi
 

package/plugins/lisa/hooks/block-no-verify.sh

@@ -9,8 +9,9 @@
 #   2. HUSKY=0 / HUSKY_SKIP_HOOKS=... — disables husky-managed git hooks;
 #   3. core.hooksPath pointed at /dev/null or set empty — disables ALL git hooks.
 #
-# Word-boundary matching avoids false positives on longer flags (--no-verify-ssl,
-# --no-verify-host) and on a legit custom hooks path (core.hooksPath=.husky).
+# Shell-token matching avoids false positives from issue bodies, heredocs, and
+# commit-message prose while still catching quoted real argv values such as
+# `git -c "core.hooksPath=/dev/null"`.
 #
 # The short `-n` form is intentionally NOT matched (see block-no-verify.agy.sh):
 # grep cannot distinguish a real -n option from -n in commit-message prose or an
@@ -29,14 +30,65 @@ if [ -z "$command_str" ]; then
   exit 0
 fi
 
-# Each pattern is bounded by non-token characters so longer flags
-# (--no-verify-ssl) and legit values (core.hooksPath=.husky, HUSKY=1) don't match,
-# while every syntactic position is caught (incl. subshells, e.g. `(git commit --no-verify)`).
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || exit 0
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   cat >&2 <<'EOF'
 Blocked: this command bypasses pre-commit/pre-push hooks (--no-verify, HUSKY=0,
 or core.hooksPath disabling). Fix the underlying issue (lint error, failing

package/plugins/lisa-agy/hooks/block-no-verify.agy.sh

@@ -3,8 +3,9 @@
 # git quality gates (exact parity with the Claude block-no-verify.sh): the
 # `--no-verify` long flag, `HUSKY=0`/`HUSKY_SKIP_HOOKS=` (disables husky hooks),
 # and `core.hooksPath` pointed at /dev/null or set empty (disables all git
-# hooks). The short `-n` form is intentionally NOT matched, to avoid false
-# positives (see the matching block below).
+# hooks). Shell-token matching avoids false positives from issue bodies,
+# heredocs, and commit-message prose while still catching quoted real argv
+# values such as `git -c "core.hooksPath=/dev/null"`.
 #
 # agy protocol (distinct from the Claude block-no-verify.sh exit-code protocol):
 #   - stdin  = JSON: { "toolCall": { "name": "run_command",
@@ -34,17 +35,65 @@ input="$(cat 2>/dev/null || true)"
 command_str="$(printf '%s' "$input" | jq -r '.toolCall.args.CommandLine // empty' 2>/dev/null || true)"
 [ -z "$command_str" ] && allow
 
-# Each pattern is bounded so longer flags (--no-verify-ssl) and legit values
-# (core.hooksPath=.husky, HUSKY=1) don't match, while every syntactic position
-# is caught (incl. subshells). Exact parity with the Claude block-no-verify.sh.
-# The short `-n` form is intentionally NOT matched — `-n` appears in commit
-# message prose (`git commit -m "fix -n flag"`) and unrelated piped commands
-# (`sort -n x; git commit`), so guarding it false-positives on valid work.
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || allow
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   deny
 fi
 

package/plugins/lisa-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "AWS CDK-specific Lisa plugin.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-cdk",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "AWS CDK-specific plugin",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-copilot/hooks/block-no-verify.sh

@@ -9,8 +9,9 @@
 #   2. HUSKY=0 / HUSKY_SKIP_HOOKS=... — disables husky-managed git hooks;
 #   3. core.hooksPath pointed at /dev/null or set empty — disables ALL git hooks.
 #
-# Word-boundary matching avoids false positives on longer flags (--no-verify-ssl,
-# --no-verify-host) and on a legit custom hooks path (core.hooksPath=.husky).
+# Shell-token matching avoids false positives from issue bodies, heredocs, and
+# commit-message prose while still catching quoted real argv values such as
+# `git -c "core.hooksPath=/dev/null"`.
 #
 # The short `-n` form is intentionally NOT matched (see block-no-verify.agy.sh):
 # grep cannot distinguish a real -n option from -n in commit-message prose or an
@@ -29,14 +30,65 @@ if [ -z "$command_str" ]; then
   exit 0
 fi
 
-# Each pattern is bounded by non-token characters so longer flags
-# (--no-verify-ssl) and legit values (core.hooksPath=.husky, HUSKY=1) don't match,
-# while every syntactic position is caught (incl. subshells, e.g. `(git commit --no-verify)`).
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || exit 0
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   cat >&2 <<'EOF'
 Blocked: this command bypasses pre-commit/pre-push hooks (--no-verify, HUSKY=0,
 or core.hooksPath disabling). Fix the underlying issue (lint error, failing

package/plugins/lisa-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-cursor/hooks/block-no-verify.sh

@@ -9,8 +9,9 @@
 #   2. HUSKY=0 / HUSKY_SKIP_HOOKS=... — disables husky-managed git hooks;
 #   3. core.hooksPath pointed at /dev/null or set empty — disables ALL git hooks.
 #
-# Word-boundary matching avoids false positives on longer flags (--no-verify-ssl,
-# --no-verify-host) and on a legit custom hooks path (core.hooksPath=.husky).
+# Shell-token matching avoids false positives from issue bodies, heredocs, and
+# commit-message prose while still catching quoted real argv values such as
+# `git -c "core.hooksPath=/dev/null"`.
 #
 # The short `-n` form is intentionally NOT matched (see block-no-verify.agy.sh):
 # grep cannot distinguish a real -n option from -n in commit-message prose or an
@@ -29,14 +30,65 @@ if [ -z "$command_str" ]; then
   exit 0
 fi
 
-# Each pattern is bounded by non-token characters so longer flags
-# (--no-verify-ssl) and legit values (core.hooksPath=.husky, HUSKY=1) don't match,
-# while every syntactic position is caught (incl. subshells, e.g. `(git commit --no-verify)`).
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || exit 0
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   cat >&2 <<'EOF'
 Blocked: this command bypasses pre-commit/pre-push hooks (--no-verify, HUSKY=0,
 or core.hooksPath disabling). Fix the underlying issue (lint error, failing

package/plugins/lisa-expo/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Expo and React Native-specific skills, agents, rules, and MCP servers.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-expo",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Expo/React Native-specific skills, agents, rules, and MCP servers",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Harper/Fabric-specific Lisa rules for TypeScript component apps.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-harper-fabric",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Harper/Fabric-specific rules for TypeScript component apps",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "NestJS-specific skills and migration write-protection hooks.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-nestjs",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "NestJS-specific skills (GraphQL, TypeORM) and hooks (migration write-protection)",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-openclaw",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Connect staff roles to Telegram or Slack via OpenClaw — facilitator/specialist hub-and-spoke routing and repo-coding topics, for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-phaser/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-phaser",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Phaser 4 game-development rules for TypeScript projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-phaser/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-phaser",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Phaser 4 game-development rules for TypeScript projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-phaser-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-phaser",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Phaser 4 game-development rules for TypeScript projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-phaser-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-phaser",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Phaser 4 game-development rules for TypeScript projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-phaser-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-phaser",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Phaser 4 game-development rules for TypeScript projects",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Ruby on Rails-specific skills and hooks for RuboCop and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-rails",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Ruby on Rails-specific hooks — RuboCop linting/formatting and ast-grep scanning on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "TypeScript-specific hooks for formatting, linting, and ast-grep scanning on edit.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-typescript",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "TypeScript-specific hooks — Prettier formatting, ESLint linting, ast-grep scanning, and error-suppression blocking on edit",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "Distributable LLM Wiki kernel — ingest, query, lint, and maintain a git-native markdown knowledge base across Claude and Codex.",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-agy/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "lisa-wiki",
-  "version": "2.163.4",
+  "version": "2.163.5",
   "description": "LLM Wiki — a distributable, git-native markdown knowledge base for Claude Code and Codex",
   "author": {
     "name": "Cody Swann"

package/plugins/src/base/hooks/block-no-verify.agy.sh

@@ -3,8 +3,9 @@
 # git quality gates (exact parity with the Claude block-no-verify.sh): the
 # `--no-verify` long flag, `HUSKY=0`/`HUSKY_SKIP_HOOKS=` (disables husky hooks),
 # and `core.hooksPath` pointed at /dev/null or set empty (disables all git
-# hooks). The short `-n` form is intentionally NOT matched, to avoid false
-# positives (see the matching block below).
+# hooks). Shell-token matching avoids false positives from issue bodies,
+# heredocs, and commit-message prose while still catching quoted real argv
+# values such as `git -c "core.hooksPath=/dev/null"`.
 #
 # agy protocol (distinct from the Claude block-no-verify.sh exit-code protocol):
 #   - stdin  = JSON: { "toolCall": { "name": "run_command",
@@ -34,17 +35,65 @@ input="$(cat 2>/dev/null || true)"
 command_str="$(printf '%s' "$input" | jq -r '.toolCall.args.CommandLine // empty' 2>/dev/null || true)"
 [ -z "$command_str" ] && allow
 
-# Each pattern is bounded so longer flags (--no-verify-ssl) and legit values
-# (core.hooksPath=.husky, HUSKY=1) don't match, while every syntactic position
-# is caught (incl. subshells). Exact parity with the Claude block-no-verify.sh.
-# The short `-n` form is intentionally NOT matched — `-n` appears in commit
-# message prose (`git commit -m "fix -n flag"`) and unrelated piped commands
-# (`sort -n x; git commit`), so guarding it false-positives on valid work.
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || allow
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   deny
 fi
 

package/plugins/src/base/hooks/block-no-verify.sh

@@ -9,8 +9,9 @@
 #   2. HUSKY=0 / HUSKY_SKIP_HOOKS=... — disables husky-managed git hooks;
 #   3. core.hooksPath pointed at /dev/null or set empty — disables ALL git hooks.
 #
-# Word-boundary matching avoids false positives on longer flags (--no-verify-ssl,
-# --no-verify-host) and on a legit custom hooks path (core.hooksPath=.husky).
+# Shell-token matching avoids false positives from issue bodies, heredocs, and
+# commit-message prose while still catching quoted real argv values such as
+# `git -c "core.hooksPath=/dev/null"`.
 #
 # The short `-n` form is intentionally NOT matched (see block-no-verify.agy.sh):
 # grep cannot distinguish a real -n option from -n in commit-message prose or an
@@ -29,14 +30,65 @@ if [ -z "$command_str" ]; then
   exit 0
 fi
 
-# Each pattern is bounded by non-token characters so longer flags
-# (--no-verify-ssl) and legit values (core.hooksPath=.husky, HUSKY=1) don't match,
-# while every syntactic position is caught (incl. subshells, e.g. `(git commit --no-verify)`).
-if printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])--no-verify($|[^[:alnum:]_-])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY=0($|[^[:alnum:]])' \
-  || printf '%s' "$command_str" | grep -Eq '(^|[^[:alnum:]_-])HUSKY_SKIP_HOOKS=' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath([[:space:]]*=)?[[:space:]]*/dev/null' \
-  || printf '%s' "$command_str" | grep -Eq 'core\.hooksPath[[:space:]]*=[[:space:]]*($|[[:space:];&|"'\''])'; then
+command -v python3 >/dev/null 2>&1 || exit 0
+
+if ! BLOCK_NO_VERIFY_COMMAND="$command_str" python3 - <<'PY'
+import os
+import re
+import shlex
+import sys
+
+command = os.environ.get("BLOCK_NO_VERIFY_COMMAND", "")
+
+
+def strip_heredocs(text: str) -> str:
+    lines = text.splitlines()
+    output = []
+    pending = []
+    marker_pattern = re.compile(
+        r"<<-?\s*(?:'([^']+)'|\"([^\"]+)\"|([A-Za-z_][A-Za-z0-9_]*))"
+    )
+    index = 0
+    while index < len(lines):
+        line = lines[index]
+        output.append(line)
+        pending.extend(
+            next(group for group in match.groups() if group)
+            for match in marker_pattern.finditer(line)
+        )
+        index += 1
+        while pending and index < len(lines):
+            if lines[index].strip() == pending[0]:
+                output.append(lines[index])
+                pending.pop(0)
+                index += 1
+                break
+            index += 1
+    return "\n".join(output)
+
+
+try:
+    tokens = shlex.split(strip_heredocs(command), posix=True)
+except ValueError:
+    sys.exit(0)
+
+normalized_tokens = [token.strip("();|&") for token in tokens]
+
+for i, token in enumerate(normalized_tokens):
+    if token == "--no-verify":
+        sys.exit(1)
+    if token == "HUSKY=0" or token.startswith("HUSKY_SKIP_HOOKS="):
+        sys.exit(1)
+    if token.startswith("core.hooksPath="):
+        value = token.split("=", 1)[1]
+        if value in ("", "/dev/null"):
+            sys.exit(1)
+    if token == "core.hooksPath" and i + 1 < len(normalized_tokens) and normalized_tokens[i + 1] in ("", "/dev/null"):
+        sys.exit(1)
+
+sys.exit(0)
+PY
+then
   cat >&2 <<'EOF'
 Blocked: this command bypasses pre-commit/pre-push hooks (--no-verify, HUSKY=0,
 or core.hooksPath disabling). Fix the underlying issue (lint error, failing