claude-git-hooks 2.1.0 → 2.3.1

package/templates/presets/backend/preset.json

@@ -0,0 +1,49 @@
+{
+  "name": "backend",
+  "displayName": "Backend (Spring Boot + SQL Server)",
+  "description": "Java backend with Spring Boot, JPA, SQL Server, AWS",
+  "version": "1.0.0",
+
+  "techStack": [
+    "Spring Boot 2.6+",
+    "JPA",
+    "Hibernate",
+    "SQL Server",
+    "Spring Security",
+    "JWT",
+    "MapStruct",
+    "Lombok",
+    "AWS SDK",
+    "Maven",
+    "Cucumber",
+    "JUnit",
+    "JaCoCo"
+  ],
+
+  "fileExtensions": [
+    ".java",
+    ".xml",
+    ".yml",
+    ".yaml"
+  ],
+
+  "focusAreas": [
+    "REST API design and best practices",
+    "JPA entities and repositories",
+    "Service layer patterns",
+    "Security vulnerabilities (OWASP Top 10)",
+    "SQL injection prevention",
+    "Performance (threads, async operations)",
+    "Transaction management",
+    "DTO mappings",
+    "Test coverage"
+  ],
+
+  "templates": {
+    "analysis": "ANALYSIS_PROMPT.md",
+    "guidelines": "PRE_COMMIT_GUIDELINES.md",
+    "commitMessage": "../shared/COMMIT_MESSAGE.md",
+    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+    "resolution": "../shared/RESOLUTION_PROMPT.md"
+  }
+}

package/templates/presets/database/ANALYSIS_PROMPT.md

@@ -0,0 +1,114 @@
+You are analyzing a **{{PRESET_NAME}}** project with the following technology stack:
+
+**Tech Stack:** {{TECH_STACK}}
+
+**Analyzing files matching:** {{FILE_EXTENSIONS}}
+
+## Your Task
+
+Perform a comprehensive database code quality analysis focusing on these areas:
+
+{{FOCUS_AREAS}}
+
+## Analysis Guidelines
+
+1. **Security First**: Check for SQL security issues:
+   - SQL injection vulnerabilities
+   - Excessive permissions granted
+   - Unencrypted sensitive data
+   - SQL dynamic execution risks
+   - Missing input validation
+
+2. **Performance**:
+   - Missing indexes on foreign keys
+   - Full table scans
+   - N+1 query patterns
+   - Inefficient joins
+   - Missing WHERE clauses
+   - SELECT * usage
+   - Implicit conversions
+
+3. **Data Integrity**:
+   - Missing constraints (PK, FK, CHECK, UNIQUE)
+   - Nullable columns that shouldn't be
+   - Missing default values
+   - Orphaned data risks
+   - Referential integrity issues
+
+4. **T-SQL Best Practices**:
+   - Proper transaction handling
+   - Error handling with TRY...CATCH
+   - SET NOCOUNT ON in procedures
+   - Proper use of parameters
+   - Avoiding cursors when possible
+
+5. **Maintainability**:
+   - Code clarity and comments
+   - Consistent naming conventions
+   - Proper formatting
+   - Avoiding magic numbers
+   - Version control for schema changes
+
+## Common Database Anti-Patterns to Check
+
+❌ **No WHERE clause on UPDATE/DELETE** (dangerous!)
+❌ **Missing indexes on foreign keys**
+❌ **Using SELECT \*** in production code
+❌ **No error handling in stored procedures**
+❌ **Implicit conversions** (kills index usage)
+❌ **Cursors for set-based operations**
+❌ **Dynamic SQL without parameterization**
+❌ **Missing transaction handling**
+❌ **No constraints** (relying on app logic only)
+❌ **Excessive permissions** (granting db_owner)
+
+## Output Format
+
+Respond with a valid JSON following the SonarQube format:
+
+```json
+{
+  "QUALITY_GATE": "PASSED|FAILED",
+  "approved": true|false,
+  "metrics": {
+    "reliability": "A|B|C|D|E",
+    "security": "A|B|C|D|E",
+    "maintainability": "A|B|C|D|E",
+    "coverage": 0-100,
+    "duplications": 0-100,
+    "complexity": "number"
+  },
+  "issues": {
+    "blocker": 0,
+    "critical": 0,
+    "major": 0,
+    "minor": 0,
+    "info": 0
+  },
+  "details": [
+    {
+      "severity": "BLOCKER|CRITICAL|MAJOR|MINOR|INFO",
+      "type": "BUG|VULNERABILITY|CODE_SMELL|PERFORMANCE",
+      "file": "path/to/file.sql",
+      "line": 123,
+      "message": "Clear description of the issue"
+    }
+  ],
+  "securityHotspots": 0,
+  "blockingIssues": ["List of critical issues that must be fixed"]
+}
+```
+
+## Analysis Rules
+
+- **Block commit** if:
+  - SQL injection vulnerabilities
+  - UPDATE/DELETE without WHERE clause
+  - Dangerous permission grants
+  - Critical data integrity issues
+
+- **Pass** if: Only minor issues, performance suggestions, or no issues
+
+- Be strict on security and data integrity
+- Be helpful on performance (suggest, don't block)
+- Provide actionable, specific feedback with line numbers

package/templates/presets/database/PRE_COMMIT_GUIDELINES.md

@@ -0,0 +1,143 @@
+# Database Code Quality Guidelines
+
+## SQL Server Best Practices
+
+### Schema Design
+✅ Use appropriate data types (avoid VARCHAR(MAX) unless needed)
+✅ Define primary keys on all tables
+✅ Define foreign keys for relationships
+✅ Add CHECK constraints for data validation
+✅ Use NOT NULL where appropriate
+✅ Add default values where sensible
+
+### Indexes
+✅ Index all foreign key columns
+✅ Index columns used in WHERE, JOIN, ORDER BY
+✅ Consider covering indexes for frequent queries
+✅ Don't over-index (impacts INSERT/UPDATE performance)
+✅ Use include columns for covering indexes
+✅ Monitor index fragmentation
+
+### Query Performance
+✅ Avoid SELECT * (specify columns)
+✅ Use proper JOIN types (INNER, LEFT, etc.)
+✅ Include WHERE clauses to limit results
+✅ Use appropriate indexes
+✅ Avoid functions on indexed columns in WHERE
+✅ Use EXISTS instead of IN for subqueries
+✅ Implement pagination for large result sets
+
+### Stored Procedures
+✅ Start with SET NOCOUNT ON
+✅ Use TRY...CATCH for error handling
+✅ Use parameters (prevent SQL injection)
+✅ Return meaningful error codes/messages
+✅ Use transactions for multi-step operations
+✅ Comment complex logic
+
+### Transactions
+✅ Keep transactions short
+✅ Handle errors properly (ROLLBACK on error)
+✅ Use appropriate isolation level
+✅ Don't hold locks longer than needed
+✅ Commit or rollback all transactions
+
+### Security
+✅ Use parameterized queries (no string concatenation)
+✅ Grant minimum necessary permissions
+✅ Encrypt sensitive data at rest
+✅ Use schemas to organize objects
+✅ Avoid dynamic SQL when possible
+✅ If using dynamic SQL, use sp_executesql with parameters
+
+## Common Issues to Avoid
+
+### Critical Issues (BLOCKER)
+❌ UPDATE/DELETE without WHERE clause
+❌ SQL injection vulnerabilities
+❌ Granting excessive permissions (db_owner, sysadmin)
+❌ No transaction handling for multi-step operations
+
+### Performance Issues (MAJOR)
+❌ SELECT * in production code
+❌ Missing indexes on foreign keys
+❌ Functions on indexed columns in WHERE
+❌ Implicit conversions
+❌ Cursors for set-based operations
+❌ Missing WHERE clause causing full table scan
+
+### Data Integrity Issues (CRITICAL)
+❌ Missing foreign key constraints
+❌ Missing primary keys
+❌ No CHECK constraints for validation
+❌ Nullable columns that shouldn't be
+❌ No default values where needed
+
+### Code Quality Issues (MINOR)
+❌ No error handling
+❌ Unclear variable names
+❌ Missing comments on complex logic
+❌ Inconsistent formatting
+❌ Magic numbers without explanation
+
+## T-SQL Specific
+
+### Error Handling
+```sql
+BEGIN TRY
+    BEGIN TRANSACTION;
+
+    -- Your operations here
+
+    COMMIT TRANSACTION;
+END TRY
+BEGIN CATCH
+    IF @@TRANCOUNT > 0
+        ROLLBACK TRANSACTION;
+
+    -- Log error or re-throw
+    THROW;
+END CATCH;
+```
+
+### Parameterization
+```sql
+-- ✅ Good (parameterized)
+EXEC sp_executesql
+    N'SELECT * FROM Users WHERE UserId = @UserId',
+    N'@UserId INT',
+    @UserId = @InputUserId;
+
+-- ❌ Bad (SQL injection risk)
+EXEC('SELECT * FROM Users WHERE UserId = ' + @InputUserId);
+```
+
+### Index Usage
+```sql
+-- ❌ Bad (function prevents index usage)
+SELECT * FROM Users WHERE YEAR(CreatedDate) = 2024;
+
+-- ✅ Good (can use index)
+SELECT * FROM Users
+WHERE CreatedDate >= '2024-01-01'
+  AND CreatedDate < '2025-01-01';
+```
+
+## Migration Scripts
+
+✅ Include rollback script
+✅ Make scripts idempotent when possible
+✅ Check for existence before CREATE/ALTER
+✅ Use transactions
+✅ Test on non-production first
+✅ Document breaking changes
+✅ Version your scripts
+
+## Testing
+
+- Test with realistic data volumes
+- Test edge cases (NULL, empty strings, etc.)
+- Test concurrent access
+- Verify indexes are being used (execution plan)
+- Test rollback scenarios
+- Verify constraints work as expected

package/templates/presets/database/config.json

@@ -0,0 +1,12 @@
+{
+  "analysis": {
+    "maxFileSize": 150000,
+    "maxFiles": 8,
+    "timeout": 120000
+  },
+  "subagents": {
+    "enabled": false,
+    "model": "sonnet",
+    "batchSize": 2
+  }
+}

package/templates/presets/database/preset.json

@@ -0,0 +1,38 @@
+{
+  "name": "database",
+  "displayName": "Database (SQL Server)",
+  "description": "SQL Server database scripts and migrations",
+  "version": "1.0.0",
+
+  "techStack": [
+    "SQL Server",
+    "T-SQL",
+    "Stored Procedures",
+    "Views",
+    "Triggers",
+    "Indexes"
+  ],
+
+  "fileExtensions": [
+    ".sql"
+  ],
+
+  "focusAreas": [
+    "SQL injection prevention",
+    "Query performance and optimization",
+    "Index usage and design",
+    "Transaction management",
+    "Proper use of constraints",
+    "Data integrity",
+    "Security and permissions",
+    "Avoiding common anti-patterns"
+  ],
+
+  "templates": {
+    "analysis": "ANALYSIS_PROMPT.md",
+    "guidelines": "PRE_COMMIT_GUIDELINES.md",
+    "commitMessage": "../shared/COMMIT_MESSAGE.md",
+    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+    "resolution": "../shared/RESOLUTION_PROMPT.md"
+  }
+}

package/templates/presets/default/config.json

@@ -0,0 +1,12 @@
+{
+  "analysis": {
+    "maxFileSize": 100000,
+    "maxFiles": 10,
+    "timeout": 120000
+  },
+  "subagents": {
+    "enabled": false,
+    "model": "sonnet",
+    "batchSize": 3
+  }
+}

package/templates/presets/default/preset.json

@@ -0,0 +1,53 @@
+{
+  "name": "default",
+  "displayName": "Default (General-purpose)",
+  "description": "General scripting and development",
+  "version": "1.0.0",
+
+  "techStack": [
+    "General scripting",
+    "JavaScript",
+    "Python",
+    "Bash",
+    "Ruby",
+    "Perl",
+    "PowerShell",
+    "SQL",
+    "YAML",
+    "JSON",
+    "XML"
+  ],
+
+  "fileExtensions": [
+    ".js",
+    ".sh",
+    ".bash",
+    ".py",
+    ".rb",
+    ".pl",
+    ".ps1",
+    ".sql",
+    ".yaml",
+    ".yml",
+    ".json",
+    ".xml",
+    ".md"
+  ],
+
+  "focusAreas": [
+    "Code quality basics",
+    "Security fundamentals (input validation, escaping)",
+    "Performance best practices",
+    "Maintainability",
+    "Error handling",
+    "Documentation"
+  ],
+
+  "templates": {
+    "analysis": "../shared/ANALYSIS_PROMPT.md",
+    "guidelines": "../shared/PRE_COMMIT_GUIDELINES.md",
+    "commitMessage": "../shared/COMMIT_MESSAGE.md",
+    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+    "resolution": "../shared/RESOLUTION_PROMPT.md"
+  }
+}

package/templates/presets/frontend/ANALYSIS_PROMPT.md

@@ -0,0 +1,99 @@
+You are analyzing a **{{PRESET_NAME}}** project with the following technology stack:
+
+**Tech Stack:** {{TECH_STACK}}
+
+**Analyzing files matching:** {{FILE_EXTENSIONS}}
+
+## Your Task
+
+Perform a comprehensive code quality analysis focusing on these areas:
+
+{{FOCUS_AREAS}}
+
+## Analysis Guidelines
+
+1. **Security First**: Check for frontend security issues:
+   - XSS vulnerabilities (dangerouslySetInnerHTML)
+   - Exposed API keys or secrets
+   - Insecure authentication token handling
+   - CSRF vulnerabilities
+   - Unvalidated redirects
+
+2. **React Best Practices**:
+   - Proper use of hooks (useState, useEffect, useCallback, useMemo)
+   - Avoiding unnecessary re-renders
+   - Proper dependency arrays in useEffect
+   - Component composition over inheritance
+   - Proper prop types or TypeScript types
+
+3. **State Management**:
+   - Redux patterns and anti-patterns
+   - Proper use of Redux Saga
+   - Immutable state updates
+   - Avoid prop drilling
+   - Local vs global state decisions
+
+4. **Performance**:
+   - Unnecessary re-renders
+   - Missing React.memo or useMemo
+   - Large bundle sizes
+   - Unoptimized images
+   - Memory leaks (cleanup in useEffect)
+
+5. **Accessibility**:
+   - Semantic HTML
+   - ARIA labels where needed
+   - Keyboard navigation
+   - Screen reader support
+   - Color contrast
+
+6. **Code Quality**:
+   - Component reusability
+   - DRY violations
+   - Proper error handling
+   - Console errors/warnings
+   - Test coverage
+
+## Output Format
+
+Respond with a valid JSON following the SonarQube format:
+
+```json
+{
+  "QUALITY_GATE": "PASSED|FAILED",
+  "approved": true|false,
+  "metrics": {
+    "reliability": "A|B|C|D|E",
+    "security": "A|B|C|D|E",
+    "maintainability": "A|B|C|D|E",
+    "coverage": 0-100,
+    "duplications": 0-100,
+    "complexity": "number"
+  },
+  "issues": {
+    "blocker": 0,
+    "critical": 0,
+    "major": 0,
+    "minor": 0,
+    "info": 0
+  },
+  "details": [
+    {
+      "severity": "BLOCKER|CRITICAL|MAJOR|MINOR|INFO",
+      "type": "BUG|VULNERABILITY|CODE_SMELL",
+      "file": "path/to/file.jsx",
+      "line": 123,
+      "message": "Clear description of the issue"
+    }
+  ],
+  "securityHotspots": 0,
+  "blockingIssues": ["List of critical issues that must be fixed"]
+}
+```
+
+## Analysis Rules
+
+- **Block commit** if: Security vulnerabilities (XSS, exposed secrets), critical bugs, or accessibility blockers
+- **Pass** if: Only minor issues, info messages, or no issues
+- Be strict but fair - focus on real problems, not style preferences
+- Provide actionable, specific feedback with line numbers

package/templates/presets/frontend/PRE_COMMIT_GUIDELINES.md

@@ -0,0 +1,95 @@
+# Frontend Code Quality Guidelines
+
+## React Standards
+
+### Components
+- Use functional components with hooks
+- Keep components small and focused (< 200 lines)
+- Extract reusable logic into custom hooks
+- Use proper prop types or TypeScript
+- Avoid deep nesting (max 3-4 levels)
+
+### Hooks
+- Follow Rules of Hooks (top level, not in loops/conditions)
+- Provide complete dependency arrays in useEffect
+- Use useCallback for functions passed to child components
+- Use useMemo for expensive calculations
+- Clean up effects (return cleanup function)
+
+### State Management
+- Keep state as local as possible
+- Use Redux only for truly global state
+- Follow Redux best practices (immutable updates)
+- Use Redux Saga for side effects
+- Normalize state shape
+
+### Performance
+- Use React.memo for expensive components
+- Lazy load routes and heavy components
+- Optimize images and assets
+- Avoid inline function definitions in JSX
+- Use virtualization for long lists
+
+## Security Requirements
+
+### XSS Prevention
+- Never use `dangerouslySetInnerHTML` without sanitization
+- Validate and sanitize user input
+- Be careful with URL parameters
+- Escape user-generated content
+
+### Authentication
+- Store tokens securely (httpOnly cookies preferred)
+- Never log sensitive data
+- Implement proper session timeout
+- Clear sensitive data on logout
+
+### API Security
+- Never expose API keys in client code
+- Use environment variables for configuration
+- Validate API responses
+- Handle errors without exposing internals
+
+## Accessibility (a11y)
+
+### Must Have
+- Semantic HTML elements
+- Alt text for images
+- ARIA labels for icons and buttons
+- Keyboard navigation support
+- Focus management
+
+### Forms
+- Label all inputs properly
+- Show validation errors clearly
+- Support keyboard navigation
+- Provide helpful error messages
+
+## Common Issues to Avoid
+
+❌ Missing dependency arrays in useEffect
+❌ Using dangerouslySetInnerHTML
+❌ Exposed API keys or secrets
+❌ Missing error boundaries
+❌ Unnecessary re-renders
+❌ Memory leaks (missing cleanup)
+❌ Ignoring console warnings
+❌ Poor accessibility
+❌ Missing loading/error states
+❌ Not handling async errors
+
+## Testing
+
+- Write tests for complex components
+- Test user interactions
+- Test error scenarios
+- Mock API calls
+- Aim for 70%+ coverage on new code
+
+## Styling
+
+- Use consistent naming (BEM, CSS modules, or styled-components)
+- Avoid inline styles except for dynamic values
+- Ensure responsive design
+- Check color contrast ratios
+- Use CSS variables for theming

package/templates/presets/frontend/config.json

@@ -0,0 +1,12 @@
+{
+  "analysis": {
+    "maxFileSize": 100000,
+    "maxFiles": 10,
+    "timeout": 120000
+  },
+  "subagents": {
+    "enabled": true,
+    "model": "sonnet",
+    "batchSize": 3
+  }
+}

package/templates/presets/frontend/preset.json

@@ -0,0 +1,50 @@
+{
+  "name": "frontend",
+  "displayName": "Frontend (React + Material-UI)",
+  "description": "React frontend with Material-UI, Redux, React Hook Form",
+  "version": "1.0.0",
+
+  "techStack": [
+    "React 18+",
+    "React Router 6+",
+    "Material-UI v5",
+    "Semantic UI",
+    "Redux",
+    "Redux Saga",
+    "React Hook Form",
+    "Highcharts",
+    "Axios",
+    "Jest",
+    "Testing Library"
+  ],
+
+  "fileExtensions": [
+    ".js",
+    ".jsx",
+    ".ts",
+    ".tsx",
+    ".css",
+    ".scss",
+    ".html"
+  ],
+
+  "focusAreas": [
+    "Component design and reusability",
+    "React hooks best practices",
+    "State management patterns",
+    "Performance optimization (memoization, lazy loading)",
+    "XSS prevention and input sanitization",
+    "Accessibility (a11y)",
+    "Responsive design",
+    "Error boundaries and error handling",
+    "Test coverage"
+  ],
+
+  "templates": {
+    "analysis": "ANALYSIS_PROMPT.md",
+    "guidelines": "PRE_COMMIT_GUIDELINES.md",
+    "commitMessage": "../shared/COMMIT_MESSAGE.md",
+    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+    "resolution": "../shared/RESOLUTION_PROMPT.md"
+  }
+}