claude-git-hooks 2.1.0 → 2.3.0

package/templates/presets/database/PRE_COMMIT_GUIDELINES.md

@@ -0,0 +1,143 @@
+# Database Code Quality Guidelines
+
+## SQL Server Best Practices
+
+### Schema Design
+✅ Use appropriate data types (avoid VARCHAR(MAX) unless needed)
+✅ Define primary keys on all tables
+✅ Define foreign keys for relationships
+✅ Add CHECK constraints for data validation
+✅ Use NOT NULL where appropriate
+✅ Add default values where sensible
+
+### Indexes
+✅ Index all foreign key columns
+✅ Index columns used in WHERE, JOIN, ORDER BY
+✅ Consider covering indexes for frequent queries
+✅ Don't over-index (impacts INSERT/UPDATE performance)
+✅ Use include columns for covering indexes
+✅ Monitor index fragmentation
+
+### Query Performance
+✅ Avoid SELECT * (specify columns)
+✅ Use proper JOIN types (INNER, LEFT, etc.)
+✅ Include WHERE clauses to limit results
+✅ Use appropriate indexes
+✅ Avoid functions on indexed columns in WHERE
+✅ Use EXISTS instead of IN for subqueries
+✅ Implement pagination for large result sets
+
+### Stored Procedures
+✅ Start with SET NOCOUNT ON
+✅ Use TRY...CATCH for error handling
+✅ Use parameters (prevent SQL injection)
+✅ Return meaningful error codes/messages
+✅ Use transactions for multi-step operations
+✅ Comment complex logic
+
+### Transactions
+✅ Keep transactions short
+✅ Handle errors properly (ROLLBACK on error)
+✅ Use appropriate isolation level
+✅ Don't hold locks longer than needed
+✅ Commit or rollback all transactions
+
+### Security
+✅ Use parameterized queries (no string concatenation)
+✅ Grant minimum necessary permissions
+✅ Encrypt sensitive data at rest
+✅ Use schemas to organize objects
+✅ Avoid dynamic SQL when possible
+✅ If using dynamic SQL, use sp_executesql with parameters
+
+## Common Issues to Avoid
+
+### Critical Issues (BLOCKER)
+❌ UPDATE/DELETE without WHERE clause
+❌ SQL injection vulnerabilities
+❌ Granting excessive permissions (db_owner, sysadmin)
+❌ No transaction handling for multi-step operations
+
+### Performance Issues (MAJOR)
+❌ SELECT * in production code
+❌ Missing indexes on foreign keys
+❌ Functions on indexed columns in WHERE
+❌ Implicit conversions
+❌ Cursors for set-based operations
+❌ Missing WHERE clause causing full table scan
+
+### Data Integrity Issues (CRITICAL)
+❌ Missing foreign key constraints
+❌ Missing primary keys
+❌ No CHECK constraints for validation
+❌ Nullable columns that shouldn't be
+❌ No default values where needed
+
+### Code Quality Issues (MINOR)
+❌ No error handling
+❌ Unclear variable names
+❌ Missing comments on complex logic
+❌ Inconsistent formatting
+❌ Magic numbers without explanation
+
+## T-SQL Specific
+
+### Error Handling
+```sql
+BEGIN TRY
+    BEGIN TRANSACTION;
+
+    -- Your operations here
+
+    COMMIT TRANSACTION;
+END TRY
+BEGIN CATCH
+    IF @@TRANCOUNT > 0
+        ROLLBACK TRANSACTION;
+
+    -- Log error or re-throw
+    THROW;
+END CATCH;
+```
+
+### Parameterization
+```sql
+-- ✅ Good (parameterized)
+EXEC sp_executesql
+    N'SELECT * FROM Users WHERE UserId = @UserId',
+    N'@UserId INT',
+    @UserId = @InputUserId;
+
+-- ❌ Bad (SQL injection risk)
+EXEC('SELECT * FROM Users WHERE UserId = ' + @InputUserId);
+```
+
+### Index Usage
+```sql
+-- ❌ Bad (function prevents index usage)
+SELECT * FROM Users WHERE YEAR(CreatedDate) = 2024;
+
+-- ✅ Good (can use index)
+SELECT * FROM Users
+WHERE CreatedDate >= '2024-01-01'
+  AND CreatedDate < '2025-01-01';
+```
+
+## Migration Scripts
+
+✅ Include rollback script
+✅ Make scripts idempotent when possible
+✅ Check for existence before CREATE/ALTER
+✅ Use transactions
+✅ Test on non-production first
+✅ Document breaking changes
+✅ Version your scripts
+
+## Testing
+
+- Test with realistic data volumes
+- Test edge cases (NULL, empty strings, etc.)
+- Test concurrent access
+- Verify indexes are being used (execution plan)
+- Test rollback scenarios
+- Verify constraints work as expected

package/templates/presets/database/config.json

@@ -0,0 +1,12 @@
+{
+  "analysis": {
+    "maxFileSize": 150000,
+    "maxFiles": 8,
+    "timeout": 120000
+  },
+  "subagents": {
+    "enabled": false,
+    "model": "sonnet",
+    "batchSize": 2
+  }
+}

package/templates/presets/database/preset.json

@@ -0,0 +1,38 @@
+{
+  "name": "database",
+  "displayName": "Database (SQL Server)",
+  "description": "SQL Server database scripts and migrations",
+  "version": "1.0.0",
+
+  "techStack": [
+    "SQL Server",
+    "T-SQL",
+    "Stored Procedures",
+    "Views",
+    "Triggers",
+    "Indexes"
+  ],
+
+  "fileExtensions": [
+    ".sql"
+  ],
+
+  "focusAreas": [
+    "SQL injection prevention",
+    "Query performance and optimization",
+    "Index usage and design",
+    "Transaction management",
+    "Proper use of constraints",
+    "Data integrity",
+    "Security and permissions",
+    "Avoiding common anti-patterns"
+  ],
+
+  "templates": {
+    "analysis": "ANALYSIS_PROMPT.md",
+    "guidelines": "PRE_COMMIT_GUIDELINES.md",
+    "commitMessage": "../shared/COMMIT_MESSAGE.md",
+    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+    "resolution": "../shared/RESOLUTION_PROMPT.md"
+  }
+}

package/templates/presets/default/config.json

@@ -0,0 +1,12 @@
+{
+  "analysis": {
+    "maxFileSize": 100000,
+    "maxFiles": 10,
+    "timeout": 120000
+  },
+  "subagents": {
+    "enabled": false,
+    "model": "sonnet",
+    "batchSize": 3
+  }
+}

package/templates/presets/default/preset.json

@@ -0,0 +1,53 @@
+{
+  "name": "default",
+  "displayName": "Default (General-purpose)",
+  "description": "General scripting and development",
+  "version": "1.0.0",
+
+  "techStack": [
+    "General scripting",
+    "JavaScript",
+    "Python",
+    "Bash",
+    "Ruby",
+    "Perl",
+    "PowerShell",
+    "SQL",
+    "YAML",
+    "JSON",
+    "XML"
+  ],
+
+  "fileExtensions": [
+    ".js",
+    ".sh",
+    ".bash",
+    ".py",
+    ".rb",
+    ".pl",
+    ".ps1",
+    ".sql",
+    ".yaml",
+    ".yml",
+    ".json",
+    ".xml",
+    ".md"
+  ],
+
+  "focusAreas": [
+    "Code quality basics",
+    "Security fundamentals (input validation, escaping)",
+    "Performance best practices",
+    "Maintainability",
+    "Error handling",
+    "Documentation"
+  ],
+
+  "templates": {
+    "analysis": "../shared/ANALYSIS_PROMPT.md",
+    "guidelines": "../shared/PRE_COMMIT_GUIDELINES.md",
+    "commitMessage": "../shared/COMMIT_MESSAGE.md",
+    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+    "resolution": "../shared/RESOLUTION_PROMPT.md"
+  }
+}

package/templates/presets/frontend/ANALYSIS_PROMPT.md

@@ -0,0 +1,99 @@
+You are analyzing a **{{PRESET_NAME}}** project with the following technology stack:
+
+**Tech Stack:** {{TECH_STACK}}
+
+**Analyzing files matching:** {{FILE_EXTENSIONS}}
+
+## Your Task
+
+Perform a comprehensive code quality analysis focusing on these areas:
+
+{{FOCUS_AREAS}}
+
+## Analysis Guidelines
+
+1. **Security First**: Check for frontend security issues:
+   - XSS vulnerabilities (dangerouslySetInnerHTML)
+   - Exposed API keys or secrets
+   - Insecure authentication token handling
+   - CSRF vulnerabilities
+   - Unvalidated redirects
+
+2. **React Best Practices**:
+   - Proper use of hooks (useState, useEffect, useCallback, useMemo)
+   - Avoiding unnecessary re-renders
+   - Proper dependency arrays in useEffect
+   - Component composition over inheritance
+   - Proper prop types or TypeScript types
+
+3. **State Management**:
+   - Redux patterns and anti-patterns
+   - Proper use of Redux Saga
+   - Immutable state updates
+   - Avoid prop drilling
+   - Local vs global state decisions
+
+4. **Performance**:
+   - Unnecessary re-renders
+   - Missing React.memo or useMemo
+   - Large bundle sizes
+   - Unoptimized images
+   - Memory leaks (cleanup in useEffect)
+
+5. **Accessibility**:
+   - Semantic HTML
+   - ARIA labels where needed
+   - Keyboard navigation
+   - Screen reader support
+   - Color contrast
+
+6. **Code Quality**:
+   - Component reusability
+   - DRY violations
+   - Proper error handling
+   - Console errors/warnings
+   - Test coverage
+
+## Output Format
+
+Respond with a valid JSON following the SonarQube format:
+
+```json
+{
+  "QUALITY_GATE": "PASSED|FAILED",
+  "approved": true|false,
+  "metrics": {
+    "reliability": "A|B|C|D|E",
+    "security": "A|B|C|D|E",
+    "maintainability": "A|B|C|D|E",
+    "coverage": 0-100,
+    "duplications": 0-100,
+    "complexity": "number"
+  },
+  "issues": {
+    "blocker": 0,
+    "critical": 0,
+    "major": 0,
+    "minor": 0,
+    "info": 0
+  },
+  "details": [
+    {
+      "severity": "BLOCKER|CRITICAL|MAJOR|MINOR|INFO",
+      "type": "BUG|VULNERABILITY|CODE_SMELL",
+      "file": "path/to/file.jsx",
+      "line": 123,
+      "message": "Clear description of the issue"
+    }
+  ],
+  "securityHotspots": 0,
+  "blockingIssues": ["List of critical issues that must be fixed"]
+}
+```
+
+## Analysis Rules
+
+- **Block commit** if: Security vulnerabilities (XSS, exposed secrets), critical bugs, or accessibility blockers
+- **Pass** if: Only minor issues, info messages, or no issues
+- Be strict but fair - focus on real problems, not style preferences
+- Provide actionable, specific feedback with line numbers

package/templates/presets/frontend/PRE_COMMIT_GUIDELINES.md

@@ -0,0 +1,95 @@
+# Frontend Code Quality Guidelines
+
+## React Standards
+
+### Components
+- Use functional components with hooks
+- Keep components small and focused (< 200 lines)
+- Extract reusable logic into custom hooks
+- Use proper prop types or TypeScript
+- Avoid deep nesting (max 3-4 levels)
+
+### Hooks
+- Follow Rules of Hooks (top level, not in loops/conditions)
+- Provide complete dependency arrays in useEffect
+- Use useCallback for functions passed to child components
+- Use useMemo for expensive calculations
+- Clean up effects (return cleanup function)
+
+### State Management
+- Keep state as local as possible
+- Use Redux only for truly global state
+- Follow Redux best practices (immutable updates)
+- Use Redux Saga for side effects
+- Normalize state shape
+
+### Performance
+- Use React.memo for expensive components
+- Lazy load routes and heavy components
+- Optimize images and assets
+- Avoid inline function definitions in JSX
+- Use virtualization for long lists
+
+## Security Requirements
+
+### XSS Prevention
+- Never use `dangerouslySetInnerHTML` without sanitization
+- Validate and sanitize user input
+- Be careful with URL parameters
+- Escape user-generated content
+
+### Authentication
+- Store tokens securely (httpOnly cookies preferred)
+- Never log sensitive data
+- Implement proper session timeout
+- Clear sensitive data on logout
+
+### API Security
+- Never expose API keys in client code
+- Use environment variables for configuration
+- Validate API responses
+- Handle errors without exposing internals
+
+## Accessibility (a11y)
+
+### Must Have
+- Semantic HTML elements
+- Alt text for images
+- ARIA labels for icons and buttons
+- Keyboard navigation support
+- Focus management
+
+### Forms
+- Label all inputs properly
+- Show validation errors clearly
+- Support keyboard navigation
+- Provide helpful error messages
+
+## Common Issues to Avoid
+
+❌ Missing dependency arrays in useEffect
+❌ Using dangerouslySetInnerHTML
+❌ Exposed API keys or secrets
+❌ Missing error boundaries
+❌ Unnecessary re-renders
+❌ Memory leaks (missing cleanup)
+❌ Ignoring console warnings
+❌ Poor accessibility
+❌ Missing loading/error states
+❌ Not handling async errors
+
+## Testing
+
+- Write tests for complex components
+- Test user interactions
+- Test error scenarios
+- Mock API calls
+- Aim for 70%+ coverage on new code
+
+## Styling
+
+- Use consistent naming (BEM, CSS modules, or styled-components)
+- Avoid inline styles except for dynamic values
+- Ensure responsive design
+- Check color contrast ratios
+- Use CSS variables for theming

package/templates/presets/frontend/config.json

@@ -0,0 +1,12 @@
+{
+  "analysis": {
+    "maxFileSize": 100000,
+    "maxFiles": 10,
+    "timeout": 120000
+  },
+  "subagents": {
+    "enabled": true,
+    "model": "sonnet",
+    "batchSize": 3
+  }
+}

package/templates/presets/frontend/preset.json

@@ -0,0 +1,50 @@
+{
+  "name": "frontend",
+  "displayName": "Frontend (React + Material-UI)",
+  "description": "React frontend with Material-UI, Redux, React Hook Form",
+  "version": "1.0.0",
+
+  "techStack": [
+    "React 18+",
+    "React Router 6+",
+    "Material-UI v5",
+    "Semantic UI",
+    "Redux",
+    "Redux Saga",
+    "React Hook Form",
+    "Highcharts",
+    "Axios",
+    "Jest",
+    "Testing Library"
+  ],
+
+  "fileExtensions": [
+    ".js",
+    ".jsx",
+    ".ts",
+    ".tsx",
+    ".css",
+    ".scss",
+    ".html"
+  ],
+
+  "focusAreas": [
+    "Component design and reusability",
+    "React hooks best practices",
+    "State management patterns",
+    "Performance optimization (memoization, lazy loading)",
+    "XSS prevention and input sanitization",
+    "Accessibility (a11y)",
+    "Responsive design",
+    "Error boundaries and error handling",
+    "Test coverage"
+  ],
+
+  "templates": {
+    "analysis": "ANALYSIS_PROMPT.md",
+    "guidelines": "PRE_COMMIT_GUIDELINES.md",
+    "commitMessage": "../shared/COMMIT_MESSAGE.md",
+    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+    "resolution": "../shared/RESOLUTION_PROMPT.md"
+  }
+}

package/templates/presets/fullstack/ANALYSIS_PROMPT.md

@@ -0,0 +1,107 @@
+You are analyzing a **{{PRESET_NAME}}** project with the following technology stack:
+
+**Tech Stack:** {{TECH_STACK}}
+
+**Analyzing files matching:** {{FILE_EXTENSIONS}}
+
+## Your Task
+
+Perform a comprehensive full-stack code quality analysis. **PRIORITY: Check consistency between layers first**, then apply layer-specific guidelines.
+
+**Focus Areas:**
+{{FOCUS_AREAS}}
+
+## Full-Stack Analysis Guidelines
+
+### 1. **Cross-Layer Consistency** (HIGHEST PRIORITY)
+
+Check these consistency issues first:
+
+- **API Contracts**: Do DTOs match frontend types/interfaces?
+- **Error Handling**: Are backend error responses handled properly in frontend?
+- **Authentication**: Is JWT/token handling consistent?
+- **Data Validation**: Is validation present on both client and server?
+- **Status Codes**: Are HTTP status codes used correctly and handled properly?
+
+### 2. **Backend Layer** (Spring Boot)
+
+- REST API design and best practices
+- JPA entities and repositories
+- Security vulnerabilities (OWASP)
+- SQL injection prevention
+- Transaction management
+- DTO mappings
+- Service layer patterns
+
+### 3. **Frontend Layer** (React)
+
+- Component design and reusability
+- React hooks best practices
+- State management patterns
+- XSS prevention
+- Performance optimization
+- Accessibility (a11y)
+- Error boundaries
+
+### 4. **Security Across Layers**
+
+- Backend: SQL injection, authentication, authorization
+- Frontend: XSS, exposed secrets, token storage
+- Both: Input validation, error message exposure, CORS
+
+### 5. **Performance Across Layers**
+
+- Backend: Database queries, N+1 problems, caching
+- Frontend: Re-renders, bundle size, lazy loading
+- Both: API payload size, pagination
+
+## Output Format
+
+Respond with a valid JSON following the SonarQube format:
+
+```json
+{
+  "QUALITY_GATE": "PASSED|FAILED",
+  "approved": true|false,
+  "metrics": {
+    "reliability": "A|B|C|D|E",
+    "security": "A|B|C|D|E",
+    "maintainability": "A|B|C|D|E",
+    "coverage": 0-100,
+    "duplications": 0-100,
+    "complexity": "number"
+  },
+  "issues": {
+    "blocker": 0,
+    "critical": 0,
+    "major": 0,
+    "minor": 0,
+    "info": 0
+  },
+  "details": [
+    {
+      "severity": "BLOCKER|CRITICAL|MAJOR|MINOR|INFO",
+      "type": "BUG|VULNERABILITY|CODE_SMELL|CONSISTENCY",
+      "file": "path/to/file",
+      "line": 123,
+      "message": "Clear description - mention if it's a cross-layer issue"
+    }
+  ],
+  "securityHotspots": 0,
+  "blockingIssues": ["List of critical issues that must be fixed"],
+  "consistencyIssues": ["Cross-layer inconsistencies found"]
+}
+```
+
+## Analysis Rules
+
+- **Block commit** if:
+  - Critical cross-layer inconsistencies (mismatched contracts, broken data flow)
+  - Security vulnerabilities in any layer
+  - Critical bugs in backend or frontend
+
+- **Pass** if: Only minor issues or no issues
+
+- **Special attention**: When both backend and frontend files are modified together, carefully verify they work together correctly
+
+- Provide actionable, specific feedback with line numbers and layer context