block-no-verify 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,119 @@
+# block-no-verify
+
+A security tool that blocks the `--no-verify` flag in git commands. Designed to prevent AI agents from bypassing git hooks.
+
+## Why?
+
+When using AI coding assistants like Claude Code, you might have git hooks (pre-commit, pre-push) that enforce code quality, run tests, or perform security checks. The `--no-verify` flag allows bypassing these hooks, which could allow AI agents to skip important validations.
+
+This package provides a CLI that can be used as a Claude Code hook to block any git commands that include `--no-verify`.
+
+## Installation
+
+```bash
+npm install -g block-no-verify
+# or
+pnpm add -g block-no-verify
+```
+
+## Usage with Claude Code
+
+Add this to your `.claude/settings.json`:
+
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "block-no-verify"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+This will block any Bash commands that contain `--no-verify` with supported git commands.
+
+## Supported Git Commands
+
+The following git commands are monitored for `--no-verify`:
+
+- `git commit`
+- `git push`
+- `git merge`
+- `git cherry-pick`
+- `git rebase`
+- `git am`
+
+## Behavior
+
+| Command                  | Blocked? | Notes                                         |
+| ------------------------ | -------- | --------------------------------------------- |
+| `git commit --no-verify` | Yes      |                                               |
+| `git commit -n`          | Yes      | `-n` is shorthand for `--no-verify` in commit |
+| `git push --no-verify`   | Yes      |                                               |
+| `git push -n`            | No       | `-n` means `--dry-run` in push                |
+| `git merge --no-verify`  | Yes      |                                               |
+| `git merge -n`           | No       | `-n` means `--no-commit` in merge             |
+| `git commit -m "msg"`    | No       | No `--no-verify` flag                         |
+
+## Exit Codes
+
+- `0` - Command is allowed
+- `2` - Command is blocked (contains `--no-verify`)
+- `1` - An error occurred
+
+## Programmatic Usage
+
+```typescript
+import {
+  checkCommand,
+  detectGitCommand,
+  hasNoVerifyFlag,
+} from 'block-no-verify'
+
+// Check if a command should be blocked
+const result = checkCommand('git commit --no-verify -m "test"')
+console.log(result.blocked) // true
+console.log(result.reason) // "BLOCKED: --no-verify flag is not allowed..."
+
+// Detect git command type
+const cmd = detectGitCommand('git push origin main')
+console.log(cmd) // "push"
+
+// Check for no-verify flag
+const hasFlag = hasNoVerifyFlag('git commit -n -m "test"', 'commit')
+console.log(hasFlag) // true
+```
+
+## Development
+
+```bash
+# Install dependencies
+pnpm install
+
+# Build
+pnpm build
+
+# Run tests
+pnpm test
+
+# Run tests with coverage
+pnpm test:coverage
+
+# Lint
+pnpm lint
+
+# Format
+pnpm format
+```
+
+## License
+
+MIT

package/dist/check-command.d.ts

@@ -0,0 +1,9 @@
+import type { CheckResult } from './check-result.js';
+/**
+ * Checks a command input for --no-verify flag usage
+ *
+ * @param input - The command input to check (typically from stdin in Claude Code hooks)
+ * @returns CheckResult indicating whether the command should be blocked
+ */
+export declare function checkCommand(input: string): CheckResult;
+//# sourceMappingURL=check-command.d.ts.map

package/dist/check-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-command.d.ts","sourceRoot":"","sources":["../src/check-command.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAIpD;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,CAgBvD"}

package/dist/check-command.js

@@ -0,0 +1,23 @@
+import { detectGitCommand } from './detect-git-command.js';
+import { hasNoVerifyFlag } from './has-no-verify-flag.js';
+/**
+ * Checks a command input for --no-verify flag usage
+ *
+ * @param input - The command input to check (typically from stdin in Claude Code hooks)
+ * @returns CheckResult indicating whether the command should be blocked
+ */
+export function checkCommand(input) {
+    const gitCommand = detectGitCommand(input);
+    if (!gitCommand) {
+        return { blocked: false };
+    }
+    if (hasNoVerifyFlag(input, gitCommand)) {
+        return {
+            blocked: true,
+            reason: `BLOCKED: --no-verify flag is not allowed with git ${gitCommand}. Git hooks must not be bypassed.`,
+            gitCommand,
+        };
+    }
+    return { blocked: false, gitCommand };
+}
+//# sourceMappingURL=check-command.js.map

package/dist/check-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-command.js","sourceRoot":"","sources":["../src/check-command.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AAEzD;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAA;IAE1C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC3B,CAAC;IAED,IAAI,eAAe,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC;QACvC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,qDAAqD,UAAU,mCAAmC;YAC1G,UAAU;SACX,CAAA;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAA;AACvC,CAAC"}

package/dist/check-result.d.ts

@@ -0,0 +1,13 @@
+import type { GitCommand } from './git-command.js';
+/**
+ * Result of checking a command for --no-verify flag
+ */
+export interface CheckResult {
+    /** Whether the command is blocked */
+    blocked: boolean;
+    /** The reason the command was blocked, if any */
+    reason?: string;
+    /** The detected git command, if any */
+    gitCommand?: GitCommand;
+}
+//# sourceMappingURL=check-result.d.ts.map

package/dist/check-result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-result.d.ts","sourceRoot":"","sources":["../src/check-result.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAElD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAA;IAChB,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,uCAAuC;IACvC,UAAU,CAAC,EAAE,UAAU,CAAA;CACxB"}

package/dist/check-result.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=check-result.js.map

package/dist/check-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-result.js","sourceRoot":"","sources":["../src/check-result.ts"],"names":[],"mappings":""}

package/dist/cli.d.ts

@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+/**
+ * block-no-verify CLI
+ *
+ * Usage in Claude Code hooks:
+ *
+ * In your .claude/settings.json:
+ * ```json
+ * {
+ *   "hooks": {
+ *     "PreToolUse": [
+ *       {
+ *         "matcher": "Bash",
+ *         "hooks": [
+ *           {
+ *             "type": "command",
+ *             "command": "block-no-verify"
+ *           }
+ *         ]
+ *       }
+ *     ]
+ *   }
+ * }
+ * ```
+ *
+ * The CLI reads the command from stdin and exits with:
+ * - 0 if the command is allowed
+ * - 2 if the command is blocked (contains --no-verify)
+ * - 1 if an error occurred
+ */
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG"}

package/dist/cli.js

@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+/**
+ * block-no-verify CLI
+ *
+ * Usage in Claude Code hooks:
+ *
+ * In your .claude/settings.json:
+ * ```json
+ * {
+ *   "hooks": {
+ *     "PreToolUse": [
+ *       {
+ *         "matcher": "Bash",
+ *         "hooks": [
+ *           {
+ *             "type": "command",
+ *             "command": "block-no-verify"
+ *           }
+ *         ]
+ *       }
+ *     ]
+ *   }
+ * }
+ * ```
+ *
+ * The CLI reads the command from stdin and exits with:
+ * - 0 if the command is allowed
+ * - 2 if the command is blocked (contains --no-verify)
+ * - 1 if an error occurred
+ */
+import { checkCommand, EXIT_CODES } from './index.js';
+async function readStdin() {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        // Set encoding to utf8
+        process.stdin.setEncoding('utf8');
+        // Handle data chunks
+        process.stdin.on('data', chunk => {
+            data += chunk;
+        });
+        // Resolve when stdin ends
+        process.stdin.on('end', () => {
+            resolve(data);
+        });
+        // Handle errors
+        process.stdin.on('error', err => {
+            reject(err);
+        });
+        // If stdin is empty/not piped, resolve with empty string after a short timeout
+        if (process.stdin.isTTY) {
+            resolve('');
+        }
+    });
+}
+async function main() {
+    try {
+        const input = await readStdin();
+        if (!input.trim()) {
+            // No input provided, allow by default
+            process.exit(EXIT_CODES.ALLOWED);
+        }
+        const result = checkCommand(input);
+        if (result.blocked) {
+            console.error(result.reason);
+            process.exit(EXIT_CODES.BLOCKED);
+        }
+        process.exit(EXIT_CODES.ALLOWED);
+    }
+    catch (error) {
+        console.error('Error:', error instanceof Error ? error.message : String(error));
+        process.exit(EXIT_CODES.ERROR);
+    }
+}
+main();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAErD,KAAK,UAAU,SAAS;IACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAA;QAEb,uBAAuB;QACvB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;QAEjC,qBAAqB;QACrB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE;YAC/B,IAAI,IAAI,KAAK,CAAA;QACf,CAAC,CAAC,CAAA;QAEF,0BAA0B;QAC1B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YAC3B,OAAO,CAAC,IAAI,CAAC,CAAA;QACf,CAAC,CAAC,CAAA;QAEF,gBAAgB;QAChB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;YAC9B,MAAM,CAAC,GAAG,CAAC,CAAA;QACb,CAAC,CAAC,CAAA;QAEF,+EAA+E;QAC/E,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,CAAC,EAAE,CAAC,CAAA;QACb,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;QAE/B,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAClB,sCAAsC;YACtC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAClC,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,CAAA;QAElC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAC5B,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAClC,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CACX,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACvD,CAAA;QACD,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IAChC,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAA"}

package/dist/detect-git-command.d.ts

@@ -0,0 +1,6 @@
+import type { GitCommand } from './git-command.js';
+/**
+ * Checks if the input contains a git command
+ */
+export declare function detectGitCommand(input: string): GitCommand | null;
+//# sourceMappingURL=detect-git-command.d.ts.map

package/dist/detect-git-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect-git-command.d.ts","sourceRoot":"","sources":["../src/detect-git-command.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAElD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAmCjE"}

package/dist/detect-git-command.js

@@ -0,0 +1,39 @@
+import { GIT_COMMANDS_WITH_NO_VERIFY } from './types.js';
+/**
+ * Checks if the input contains a git command
+ */
+export function detectGitCommand(input) {
+    for (const cmd of GIT_COMMANDS_WITH_NO_VERIFY) {
+        // Match patterns like: git commit, git -C /path commit
+        // Using string concatenation and simple includes/match to avoid non-literal RegExp
+        const gitIndex = input.indexOf('git');
+        if (gitIndex === -1)
+            continue;
+        const cmdIndex = input.indexOf(cmd, gitIndex);
+        if (cmdIndex === -1)
+            continue;
+        // Verify 'git' is a word boundary (not part of another word)
+        const beforeGit = gitIndex > 0 ? input[gitIndex - 1] : ' ';
+        const afterGit = input[gitIndex + 3] || ' ';
+        if (!/\s|^$/.test(beforeGit) && beforeGit !== ';' && beforeGit !== '&') {
+            continue;
+        }
+        if (!/\s/.test(afterGit))
+            continue;
+        // Verify the command is a word boundary
+        const beforeCmd = cmdIndex > 0 ? input[cmdIndex - 1] : ' ';
+        const afterCmd = input[cmdIndex + cmd.length] || ' ';
+        if (!/\s/.test(beforeCmd))
+            continue;
+        if (!/\s|$/.test(afterCmd) && afterCmd !== ';' && afterCmd !== '&') {
+            continue;
+        }
+        // Make sure there's no pipe or semicolon between git and cmd that would indicate separate commands
+        const between = input.slice(gitIndex + 3, cmdIndex);
+        if (/[;|]/.test(between))
+            continue;
+        return cmd;
+    }
+    return null;
+}
+//# sourceMappingURL=detect-git-command.js.map

package/dist/detect-git-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect-git-command.js","sourceRoot":"","sources":["../src/detect-git-command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AAGxD;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,KAAK,MAAM,GAAG,IAAI,2BAA2B,EAAE,CAAC;QAC9C,uDAAuD;QACvD,mFAAmF;QACnF,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACrC,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,SAAQ;QAE7B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QAC7C,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,SAAQ;QAE7B,6DAA6D;QAC7D,MAAM,SAAS,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,GAAG,CAAA;QAE3C,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,SAAS,KAAK,GAAG,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;YACvE,SAAQ;QACV,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,SAAQ;QAElC,wCAAwC;QACxC,MAAM,SAAS,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAA;QAEpD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,SAAQ;QACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;YACnE,SAAQ;QACV,CAAC;QAED,mGAAmG;QACnG,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;QACnD,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,SAAQ;QAElC,OAAO,GAAG,CAAA;IACZ,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/exit-codes.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Exit codes for the CLI
+ */
+export declare const EXIT_CODES: {
+    /** Command is allowed to proceed */
+    readonly ALLOWED: 0;
+    /** Command is blocked */
+    readonly BLOCKED: 2;
+    /** An error occurred */
+    readonly ERROR: 1;
+};
+//# sourceMappingURL=exit-codes.d.ts.map

package/dist/exit-codes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exit-codes.d.ts","sourceRoot":"","sources":["../src/exit-codes.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,UAAU;IACrB,oCAAoC;;IAEpC,yBAAyB;;IAEzB,wBAAwB;;CAEhB,CAAA"}

package/dist/exit-codes.js

@@ -0,0 +1,12 @@
+/**
+ * Exit codes for the CLI
+ */
+export const EXIT_CODES = {
+    /** Command is allowed to proceed */
+    ALLOWED: 0,
+    /** Command is blocked */
+    BLOCKED: 2,
+    /** An error occurred */
+    ERROR: 1,
+};
+//# sourceMappingURL=exit-codes.js.map

package/dist/exit-codes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exit-codes.js","sourceRoot":"","sources":["../src/exit-codes.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,oCAAoC;IACpC,OAAO,EAAE,CAAC;IACV,yBAAyB;IACzB,OAAO,EAAE,CAAC;IACV,wBAAwB;IACxB,KAAK,EAAE,CAAC;CACA,CAAA"}

package/dist/git-command.d.ts

@@ -0,0 +1,6 @@
+import { GIT_COMMANDS_WITH_NO_VERIFY } from './types.js';
+/**
+ * Type representing git commands that support --no-verify
+ */
+export type GitCommand = (typeof GIT_COMMANDS_WITH_NO_VERIFY)[number];
+//# sourceMappingURL=git-command.d.ts.map

package/dist/git-command.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-command.d.ts","sourceRoot":"","sources":["../src/git-command.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AAExD;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,2BAA2B,CAAC,CAAC,MAAM,CAAC,CAAA"}

package/dist/git-command.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=git-command.js.map

package/dist/git-command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-command.js","sourceRoot":"","sources":["../src/git-command.ts"],"names":[],"mappings":""}

package/dist/has-no-verify-flag.d.ts

@@ -0,0 +1,6 @@
+import type { GitCommand } from './git-command.js';
+/**
+ * Checks if the input contains a --no-verify flag for a specific git command
+ */
+export declare function hasNoVerifyFlag(input: string, command: GitCommand): boolean;
+//# sourceMappingURL=has-no-verify-flag.d.ts.map

package/dist/has-no-verify-flag.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"has-no-verify-flag.d.ts","sourceRoot":"","sources":["../src/has-no-verify-flag.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAElD;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAoB3E"}

package/dist/has-no-verify-flag.js

@@ -0,0 +1,22 @@
+/**
+ * Checks if the input contains a --no-verify flag for a specific git command
+ */
+export function hasNoVerifyFlag(input, command) {
+    // Check for --no-verify
+    if (/--no-verify\b/.test(input)) {
+        return true;
+    }
+    // For commit, -n is a shorthand for --no-verify
+    // For other commands, -n might mean something else, so we need to be careful
+    if (command === 'commit') {
+        // Match -n as a standalone flag or at the start of combined flags
+        if (/\s-n(?:\s|$)/.test(input) || /\s-n[a-zA-Z]/.test(input)) {
+            return true;
+        }
+    }
+    // For push, -n is --dry-run, not --no-verify
+    // For merge, -n is --no-commit, not --no-verify
+    // So we only block --no-verify (long form) for these
+    return false;
+}
+//# sourceMappingURL=has-no-verify-flag.js.map

package/dist/has-no-verify-flag.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"has-no-verify-flag.js","sourceRoot":"","sources":["../src/has-no-verify-flag.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa,EAAE,OAAmB;IAChE,wBAAwB;IACxB,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,CAAA;IACb,CAAC;IAED,gDAAgD;IAChD,6EAA6E;IAC7E,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,kEAAkE;QAClE,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,gDAAgD;IAChD,qDAAqD;IAErD,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * block-no-verify
+ *
+ * A security tool that blocks the --no-verify flag in git commands.
+ * Designed to prevent AI agents from bypassing git hooks.
+ */
+export { GIT_COMMANDS_WITH_NO_VERIFY } from './types.js';
+export type { GitCommand } from './git-command.js';
+export type { CheckResult } from './check-result.js';
+export { EXIT_CODES } from './exit-codes.js';
+export { detectGitCommand } from './detect-git-command.js';
+export { hasNoVerifyFlag } from './has-no-verify-flag.js';
+export { checkCommand } from './check-command.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AACxD,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAClD,YAAY,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA"}

package/dist/index.js

@@ -0,0 +1,12 @@
+/**
+ * block-no-verify
+ *
+ * A security tool that blocks the --no-verify flag in git commands.
+ * Designed to prevent AI agents from bypassing git hooks.
+ */
+export { GIT_COMMANDS_WITH_NO_VERIFY } from './types.js';
+export { EXIT_CODES } from './exit-codes.js';
+export { detectGitCommand } from './detect-git-command.js';
+export { hasNoVerifyFlag } from './has-no-verify-flag.js';
+export { checkCommand } from './check-command.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,YAAY,CAAA;AAGxD,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA"}

package/dist/types.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Git commands that support the --no-verify flag
+ */
+export declare const GIT_COMMANDS_WITH_NO_VERIFY: readonly ["commit", "push", "merge", "cherry-pick", "rebase", "am"];
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,2BAA2B,qEAO9B,CAAA"}

package/dist/types.js

@@ -0,0 +1,12 @@
+/**
+ * Git commands that support the --no-verify flag
+ */
+export const GIT_COMMANDS_WITH_NO_VERIFY = [
+    'commit',
+    'push',
+    'merge',
+    'cherry-pick',
+    'rebase',
+    'am',
+];
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,QAAQ;IACR,MAAM;IACN,OAAO;IACP,aAAa;IACb,QAAQ;IACR,IAAI;CACI,CAAA"}

package/package.json

@@ -0,0 +1,80 @@
+{
+  "name": "block-no-verify",
+  "version": "1.0.0",
+  "description": "CLI tool to block --no-verify flag in git commands. Prevents AI agents from bypassing git hooks.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "block-no-verify": "./dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "keywords": [
+    "git",
+    "no-verify",
+    "hooks",
+    "cli",
+    "security",
+    "ai-safety",
+    "claude-code",
+    "agent-governance"
+  ],
+  "author": "",
+  "license": "MIT",
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/tupe12334/block-no-verify.git"
+  },
+  "bugs": {
+    "url": "https://github.com/tupe12334/block-no-verify/issues"
+  },
+  "homepage": "https://github.com/tupe12334/block-no-verify#readme",
+  "devDependencies": {
+    "@commitlint/cli": "^20.3.1",
+    "@commitlint/config-conventional": "^20.3.1",
+    "@cspell/dict-he": "^4.0.5",
+    "@types/node": "^25.0.3",
+    "@vitest/coverage-v8": "^4.0.16",
+    "cspell": "^9.4.0",
+    "eslint": "^9.39.2",
+    "eslint-config-agent": "^1.9.0",
+    "eslint-config-publishable-package-json": "^1.0.0",
+    "eslint-import-resolver-typescript": "^4.4.4",
+    "husky": "^9.1.7",
+    "knip": "^5.80.2",
+    "lint-staged": "^16.2.7",
+    "prettier": "^3.7.4",
+    "release-it": "^19.2.3",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.16"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest",
+    "test:watch": "vitest --watch",
+    "test:coverage": "vitest --coverage",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "format": "prettier --write \"src/**/*.{ts,tsx,js,jsx,json,md}\"",
+    "format:check": "prettier --check \"src/**/*.{ts,tsx,js,jsx,json,md}\"",
+    "spell": "cspell lint '**/*.{ts,js,md,json}' --gitignore",
+    "spell:check": "cspell lint '**/*.{ts,js,md,json}' --gitignore",
+    "knip": "knip",
+    "release": "release-it"
+  }
+}