claude-git-hooks 2.4.0 → 2.5.0

package/templates/config.example.json

@@ -1,41 +1,41 @@
-{
-    "preset": "ai",
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 30,
-        "timeout": 180000,
-        "contextLines": 3,
-        "ignoreExtensions": []
-    },
-    "commitMessage": {
-        "autoKeyword": "auto",
-        "timeout": 180000
-    },
-    "subagents": {
-        "enabled": false,
-        "model": "haiku",
-        "batchSize": 1
-    },
-    "templates": {
-        "baseDir": ".claude",
-        "analysis": "CLAUDE_ANALYSIS_PROMPT_SONAR.md",
-        "guidelines": "CLAUDE_PRE_COMMIT_SONAR.md",
-        "commitMessage": "COMMIT_MESSAGE.md",
-        "analyzeDiff": "ANALYZE_DIFF.md",
-        "resolution": "CLAUDE_RESOLUTION_PROMPT.md",
-        "subagentInstruction": "SUBAGENT_INSTRUCTION.md"
-    },
-    "output": {
-        "outputDir": ".claude/out",
-        "debugFile": ".claude/out/debug-claude-response.json",
-        "resolutionFile": ".claude/out/claude_resolution_prompt.md",
-        "prAnalysisFile": ".claude/out/pr-analysis.json"
-    },
-    "system": {
-        "debug": false,
-        "wslCheckTimeout": 3000
-    },
-    "git": {
-        "diffFilter": "ACM"
-    }
-}
+{
+    "preset": "ai",
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 30,
+        "timeout": 180000,
+        "contextLines": 3,
+        "ignoreExtensions": []
+    },
+    "commitMessage": {
+        "autoKeyword": "auto",
+        "timeout": 180000
+    },
+    "subagents": {
+        "enabled": false,
+        "model": "haiku",
+        "batchSize": 1
+    },
+    "templates": {
+        "baseDir": ".claude",
+        "analysis": "CLAUDE_ANALYSIS_PROMPT_SONAR.md",
+        "guidelines": "CLAUDE_PRE_COMMIT_SONAR.md",
+        "commitMessage": "COMMIT_MESSAGE.md",
+        "analyzeDiff": "ANALYZE_DIFF.md",
+        "resolution": "CLAUDE_RESOLUTION_PROMPT.md",
+        "subagentInstruction": "SUBAGENT_INSTRUCTION.md"
+    },
+    "output": {
+        "outputDir": ".claude/out",
+        "debugFile": ".claude/out/debug-claude-response.json",
+        "resolutionFile": ".claude/out/claude_resolution_prompt.md",
+        "prAnalysisFile": ".claude/out/pr-analysis.json"
+    },
+    "system": {
+        "debug": false,
+        "wslCheckTimeout": 3000
+    },
+    "git": {
+        "diffFilter": "ACM"
+    }
+}

package/templates/config.github.example.json

@@ -0,0 +1,51 @@
+{
+    "$schema": "Configuration example for GitHub integration (v2.5.0+)",
+    "_comment": "GitHub PR creation via Octokit - Claude generates metadata, Octokit creates PR deterministically",
+    "github": {
+        "enabled": true,
+        "pr": {
+            "defaultBase": "develop",
+
+            "_comment_reviewers": "Reviewers to add to PRs. Use GitHub usernames (without @). Also auto-detected from CODEOWNERS if exists.",
+            "reviewers": ["teammate1-username", "teammate2-username"],
+
+            "_comment_reviewers_advanced": "For preset-based or conditional reviewers, use arrays keyed by preset name",
+            "reviewers_by_preset": {
+                "backend": ["backend-dev", "tech-lead"],
+                "frontend": ["frontend-dev", "ux-designer"],
+                "fullstack": ["fullstack-dev"]
+            },
+
+            "_comment_reviewerRules": "Pattern-based reviewer assignment. Matches file paths in the PR diff.",
+            "reviewerRules": [
+                {
+                    "pattern": ".*\\.java$",
+                    "reviewers": ["backend-dev"]
+                },
+                {
+                    "pattern": ".*\\.sql$",
+                    "reviewers": ["dba-team"]
+                },
+                {
+                    "pattern": ".*\\.(tsx|jsx)$",
+                    "reviewers": ["frontend-dev"]
+                }
+            ],
+
+            "_comment_labelRules": "Labels added automatically based on active preset. Also detects breaking-change automatically.",
+            "labelRules": {
+                "backend": ["backend", "java", "spring-boot"],
+                "frontend": ["frontend", "react", "typescript"],
+                "fullstack": ["fullstack"],
+                "database": ["database", "sql"],
+                "ai": ["ai", "nodejs", "tooling"],
+                "default": []
+            }
+        }
+    },
+
+    "_usage": "Copy relevant sections to .claude/config.json in your project",
+    "_token_setup": "Run 'claude-hooks setup-github' to configure GitHub token",
+    "_token_location": "Token stored in .claude/settings.local.json (gitignored) or env var GITHUB_TOKEN",
+    "_codeowners": "CODEOWNERS file auto-detected from: CODEOWNERS, .github/CODEOWNERS, docs/CODEOWNERS"
+}

package/templates/presets/ai/PRE_COMMIT_GUIDELINES.md

@@ -3,12 +3,14 @@
 ## Claude API Best Practices
 
 ### Model Selection
+
 ✅ **Haiku**: Simple tasks, fast responses, cost-effective
 ✅ **Sonnet**: Balanced performance, most use cases
 ✅ **Opus**: Complex reasoning, highest quality
 ❌ Don't use Opus when Haiku would suffice
 
 ### API Usage
+
 ✅ Implement proper timeout handling
 ✅ Handle rate limiting gracefully
 ✅ Retry with exponential backoff on failures
@@ -17,6 +19,7 @@
 ✅ Calculate and monitor token usage
 
 ### Error Handling
+
 ```javascript
 // ✅ Good
 try {
@@ -39,6 +42,7 @@ try {
 ## Prompt Engineering
 
 ### Structure
+
 ✅ Clear role/context at the beginning
 ✅ Specific task instructions
 ✅ Well-defined output format (usually JSON)
@@ -46,6 +50,7 @@ try {
 ✅ Appropriate length (token-efficient)
 
 ### Quality Checklist
+
 ✅ Instructions are unambiguous
 ✅ Output format is machine-parseable
 ✅ Context is sufficient but not excessive
@@ -53,6 +58,7 @@ try {
 ✅ Placeholders are replaced correctly
 
 ### Common Prompt Issues
+
 ❌ Vague instructions
 ❌ No output format specification
 ❌ Too much unnecessary context
@@ -62,6 +68,7 @@ try {
 ## CLI User Experience
 
 ### Error Messages
+
 ✅ Clear, actionable error messages
 ✅ Suggest solutions when possible
 ✅ Use appropriate log levels
@@ -69,6 +76,7 @@ try {
 ✅ Include context (what was being attempted)
 
 ### User Feedback
+
 ✅ Show progress for long operations
 ✅ Confirm destructive operations
 ✅ Provide helpful usage information
@@ -78,6 +86,7 @@ try {
 ## Git Operations Safety
 
 ### Safe Practices
+
 ✅ Validate repository state before operations
 ✅ Use `--cached` for staged changes
 ✅ Handle special characters in filenames
@@ -85,6 +94,7 @@ try {
 ✅ Graceful handling of git errors
 
 ### Dangerous Operations
+
 ❌ Never run git commands that modify history without explicit user confirmation
 ❌ Avoid hard resets
 ❌ Be careful with force pushes
@@ -93,6 +103,7 @@ try {
 ## Security
 
 ### API Keys
+
 ✅ Load from environment variables
 ✅ Never log or display API keys
 ✅ Never commit API keys to repository
@@ -100,6 +111,7 @@ try {
 ✅ Clear keys from memory when done
 
 ### Command Injection
+
 ✅ Validate all user input
 ✅ Use parameterized commands when possible
 ✅ Escape special characters
@@ -107,14 +119,15 @@ try {
 ✅ Sanitize file paths
 
 ### Sensitive Data
+
 ✅ Don't send secrets to Claude API
 ✅ Filter sensitive data from diffs
 ✅ Be careful with error messages (don't expose internals)
-✅ Implement SKIP_ANALYSIS for sensitive code
 
 ## Code Organization
 
 ### File Structure
+
 ```
 lib/
   hooks/         # Git hook implementations
@@ -129,6 +142,7 @@ bin/            # CLI entry points
 ```
 
 ### Module Design
+
 ✅ Single responsibility principle
 ✅ Clear, descriptive function names
 ✅ Comprehensive error handling
@@ -138,12 +152,14 @@ bin/            # CLI entry points
 ## Common Issues to Avoid
 
 ### Critical Issues
+
 ❌ Exposed API keys or secrets
 ❌ Command injection vulnerabilities
 ❌ Destructive git operations without confirmation
 ❌ Unhandled promise rejections
 
 ### Major Issues
+
 ❌ Missing error handling
 ❌ Poor user experience (unclear errors)
 ❌ Cross-platform incompatibility
@@ -151,6 +167,7 @@ bin/            # CLI entry points
 ❌ Missing input validation
 
 ### Minor Issues
+
 ❌ Insufficient logging
 ❌ Unclear variable names
 ❌ Missing documentation

package/templates/presets/ai/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}

package/templates/presets/ai/preset.json

@@ -1,42 +1,37 @@
-{
-  "name": "ai",
-  "displayName": "AI/CLI (Node.js + Claude)",
-  "description": "Node.js CLI tools with Claude API integration",
-  "version": "1.0.0",
-
-  "techStack": [
-    "Node.js",
-    "ES Modules",
-    "Claude API",
-    "CLI tools",
-    "Git hooks",
-    "Bash scripting",
-    "Markdown templates"
-  ],
-
-  "fileExtensions": [
-    ".js",
-    ".json",
-    ".md",
-    ".sh"
-  ],
-
-  "focusAreas": [
-    "Claude API usage and best practices",
-    "Prompt engineering quality",
-    "CLI user experience",
-    "Error handling and logging",
-    "Git operations safety",
-    "Cross-platform compatibility",
-    "Token usage optimization",
-    "Security (API keys, secrets)"
-  ],
-
-  "templates": {
-    "analysis": "ANALYSIS_PROMPT.md",
-    "guidelines": "PRE_COMMIT_GUIDELINES.md",
-    "commitMessage": "../shared/COMMIT_MESSAGE.md",
-    "analyzeDiff": "../shared/ANALYZE_DIFF.md",
-    "resolution": "../shared/RESOLUTION_PROMPT.md"
-  }
-}
+{
+    "name": "ai",
+    "displayName": "AI/CLI (Node.js + Claude)",
+    "description": "Node.js CLI tools with Claude API integration",
+    "version": "1.0.0",
+
+    "techStack": [
+        "Node.js",
+        "ES Modules",
+        "Claude API",
+        "CLI tools",
+        "Git hooks",
+        "Bash scripting",
+        "Markdown templates"
+    ],
+
+    "fileExtensions": [".js", ".json", ".md", ".sh"],
+
+    "focusAreas": [
+        "Claude API usage and best practices",
+        "Prompt engineering quality",
+        "CLI user experience",
+        "Error handling and logging",
+        "Git operations safety",
+        "Cross-platform compatibility",
+        "Token usage optimization",
+        "Security (API keys, secrets)"
+    ],
+
+    "templates": {
+        "analysis": "ANALYSIS_PROMPT.md",
+        "guidelines": "PRE_COMMIT_GUIDELINES.md",
+        "commitMessage": "../shared/COMMIT_MESSAGE.md",
+        "analyzeDiff": "../shared/ANALYZE_DIFF.md",
+        "resolution": "../shared/RESOLUTION_PROMPT.md"
+    }
+}

package/templates/presets/backend/ANALYSIS_PROMPT.md

@@ -13,32 +13,35 @@ Perform a comprehensive code quality analysis focusing on these areas:
 ## Analysis Guidelines
 
 1. **Security First**: Check for OWASP Top 10 vulnerabilities, especially:
-   - SQL injection risks
-   - Authentication/authorization flaws
-   - Sensitive data exposure
-   - XML external entities (XXE)
-   - Insecure deserialization
+    - SQL injection risks
+    - Authentication/authorization flaws
+    - Sensitive data exposure
+    - XML external entities (XXE)
+    - Insecure deserialization
 
 2. **Spring Boot Best Practices**:
-   - Proper use of `@Transactional`
-   - Correct exception handling
-   - Appropriate use of DTOs vs Entities
-   - Proper dependency injection
-   - Configuration management
+    - Proper use of `@Transactional`
+    - Correct exception handling
+    - Appropriate use of DTOs vs Entities
+    - Proper dependency injection // Si intelligence -> recomendar @RequiredArgsConstructor || Si Automation -> recomendar @Autowired
+    - Configuration management
 
 3. **JPA/Hibernate**:
-   - N+1 query problems
-   - Lazy loading issues
-   - Proper use of relationships
-   - Query optimization
-   - Transaction boundaries
+    - N+1 query problems
+    - Lazy loading issues
+    - Proper use of relationships
+    - Query optimization
+    - Transaction boundaries
 
 4. **Code Quality**:
-   - SOLID principles
-   - DRY violations
-   - Proper error handling
-   - Logging best practices
-   - Test coverage
+    - SOLID principles
+    - DRY violations
+    - Proper error handling
+    - Logging should be like so
+        - debug: regular flow, operations details
+        - info: important business events
+        - warn: anomalies and manageable errors
+        - error: exceptions and errors
 
 ## Output Format
 
@@ -48,14 +51,6 @@ Respond with a valid JSON following the SonarQube format:
 {
   "QUALITY_GATE": "PASSED|FAILED",
   "approved": true|false,
-  "metrics": {
-    "reliability": "A|B|C|D|E",
-    "security": "A|B|C|D|E",
-    "maintainability": "A|B|C|D|E",
-    "coverage": 0-100,
-    "duplications": 0-100,
-    "complexity": "number"
-  },
   "issues": {
     "blocker": 0,
     "critical": 0,

package/templates/presets/backend/PRE_COMMIT_GUIDELINES.md

@@ -3,45 +3,63 @@
 ## Spring Boot Standards
 
 ### Controllers
-- Use proper HTTP methods and status codes
+
+- Use proper HTTP methods
+- Endpoints should handle entities as substantives
+- Make sure Response Codes include: [200, 201, 204, 400, 401, 403, 404, 409, 422, 500, 503] (if non-compliant classify as BLOCKER)
 - Validate input with `@Valid`
 - Handle exceptions with `@ExceptionHandler`
 - Keep controllers thin - business logic in services
 - Use DTOs for API contracts
 
 ### Services
+
 - Use `@Transactional` appropriately
 - Handle exceptions properly
 - Keep methods focused and small
 - Avoid business logic in controllers or repositories
 
 ### Repositories
+
 - Extend appropriate Spring Data interfaces
 - Use method naming conventions for queries
 - Optimize queries with `@Query` when needed
 - Avoid N+1 problems with `@EntityGraph`
 
 ### Entities
+
 - Use Lombok annotations appropriately
 - Define proper relationships (`@OneToMany`, `@ManyToOne`, etc.)
 - Use `@Version` for optimistic locking
 - Never expose entities in API - use DTOs
 
+### Mappers
+
+- Use Mapstruct for all mapping (If non-compliant, classify as MINOR)
+- Mappers should not have logic (If non-compliant, classify as MAJOR)
+
+### Logging
+
+- Recommend @Slf4j annotation in Lombok (If non-compliant, classify as MINOR)
+
 ## Security Requirements
 
 ### Authentication & Authorization
+
 - Never hardcode credentials
 - Use Spring Security properly
 - Validate JWT tokens correctly
 - Check permissions before operations
 
 ### Data Validation
+
 - Validate all user input
 - Use parameterized queries (JPA does this by default)
 - Sanitize data before logging
 - Never trust client-side validation alone
 
 ### SQL Injection Prevention
+
 - Always use JPA/JPQL or prepared statements
 - Never concatenate SQL strings
 - Be careful with native queries
@@ -50,35 +68,55 @@
 ## Performance
 
 ### Database
+
 - Use pagination for large result sets
 - Optimize queries with proper indexes
 - Avoid loading unnecessary data
 - Use projections when you don't need full entities
 
 ### Threading
+
 - Be careful with `@Async` methods
 - Use proper thread pool configuration
 - Avoid blocking operations in async methods
 - Handle exceptions in async methods
 
 ### Caching
+
 - Use `@Cacheable` appropriately
 - Clear caches when data changes
 - Don't cache sensitive data without encryption
 
 ## Testing
 
-- Write unit tests for business logic
+### Unit Tests
+
+- Unit tests should use exclusively JUnit 5, and specific annotations @SpringBootTest, @MockBean, @Test
 - Use `@DataJpaTest` for repository tests
 - Use `@WebMvcTest` for controller tests
 - Mock external dependencies
 - Aim for 80%+ coverage on new code
 
+### Integration Tests
+
+- Use `@SpringBootTest` with real application context
+- Test complete request-response flows
+- Verify database transactions and rollbacks
+- Test API endpoint integration with all layers
+- Use `@Transactional` with `@Rollback` for test data cleanup
+
+### Security Tests
+
+- Test authentication and authorization scenarios
+- Verify access control for protected endpoints
+- Test with invalid/expired tokens
+- Validate input sanitization and XSS prevention
+- Test SQL injection prevention with malicious input
+
 ## Common Issues to Avoid
 
 ❌ Returning entities from controllers
 ❌ Missing `@Transactional` on write operations
-❌ N+1 query problems
 ❌ Hardcoded secrets or credentials
 ❌ Catching and ignoring exceptions
 ❌ Missing input validation

package/templates/presets/backend/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}

package/templates/presets/database/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 8,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 2
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 8,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 2
+    }
+}

package/templates/presets/default/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}

package/templates/presets/frontend/config.json

@@ -1,12 +1,12 @@
-{
-    "analysis": {
-        "maxFileSize": 1000000,
-        "maxFiles": 10,
-        "timeout": 300000
-    },
-    "subagents": {
-        "enabled": true,
-        "model": "haiku",
-        "batchSize": 3
-    }
-}
+{
+    "analysis": {
+        "maxFileSize": 1000000,
+        "maxFiles": 10,
+        "timeout": 300000
+    },
+    "subagents": {
+        "enabled": true,
+        "model": "haiku",
+        "batchSize": 3
+    }
+}