sequant 1.0.0

package/templates/hooks/post-tool.sh

@@ -0,0 +1,301 @@
+#!/bin/bash
+# Post-tool hook for Claude Code
+# - Timing instrumentation (END timestamp to pair with pre-tool START)
+# - Auto-formatting for code quality
+# - Quality observability (test/build failures, SQL queries)
+# - Smart test running (P3): Runs related tests after file edits (opt-in)
+# - Webhook notifications (P3): Notifies on issue close (opt-in)
+# Runs AFTER each tool completes
+
+# === ROLLBACK MECHANISM ===
+# Set CLAUDE_HOOKS_DISABLED=true to bypass all hook logic
+if [[ "${CLAUDE_HOOKS_DISABLED:-}" == "true" ]]; then
+    exit 0
+fi
+
+# === READ INPUT FROM STDIN ===
+# Claude Code passes tool data as JSON via stdin, not environment variables
+INPUT_JSON=$(cat)
+
+# Parse JSON using jq (preferred) or fallback to grep
+if command -v jq &>/dev/null; then
+    TOOL_NAME=$(echo "$INPUT_JSON" | jq -r '.tool_name // empty')
+    # For Bash tool, extract .command from tool_input; for others, stringify the whole object
+    if [[ "$(echo "$INPUT_JSON" | jq -r '.tool_name // empty')" == "Bash" ]]; then
+        TOOL_INPUT=$(echo "$INPUT_JSON" | jq -r '.tool_input.command // empty')
+    else
+        TOOL_INPUT=$(echo "$INPUT_JSON" | jq -r '.tool_input | tostring // empty')
+    fi
+    TOOL_OUTPUT=$(echo "$INPUT_JSON" | jq -r '.tool_response | tostring // empty')
+else
+    TOOL_NAME=$(echo "$INPUT_JSON" | grep -oE '"tool_name"\s*:\s*"[^"]+"' | head -1 | cut -d'"' -f4)
+    # For Bash tool, extract command from tool_input; for others, extract the whole object
+    if [[ "$TOOL_NAME" == "Bash" ]]; then
+        TOOL_INPUT=$(echo "$INPUT_JSON" | grep -oE '"command"\s*:\s*"[^"]+"' | head -1 | cut -d'"' -f4)
+    else
+        TOOL_INPUT=$(echo "$INPUT_JSON" | grep -oE '"tool_input"\s*:\s*\{[^}]+\}' | head -1)
+    fi
+    TOOL_OUTPUT=$(echo "$INPUT_JSON" | grep -oE '"tool_response"\s*:\s*\{[^}]+\}' | head -1)
+fi
+
+TIMING_LOG="/tmp/claude-timing.log"
+QUALITY_LOG="/tmp/claude-quality.log"
+TESTS_LOG="/tmp/claude-tests.log"
+PARALLEL_MARKER_PREFIX="/tmp/claude-parallel-"
+
+# === AGENT ID DETECTION ===
+# For parallel agents, detect group ID from marker files
+# Format: /tmp/claude-parallel-<group-id>.marker
+AGENT_ID=""
+IS_PARALLEL_AGENT="false"
+for marker in "${PARALLEL_MARKER_PREFIX}"*.marker; do
+    if [[ -f "$marker" ]]; then
+        # Extract group ID from marker filename
+        AGENT_ID=$(basename "$marker" | sed 's/claude-parallel-//' | sed 's/\.marker//')
+        IS_PARALLEL_AGENT="true"
+        break
+    fi
+done
+
+# === TIMING END ===
+# Include agent ID in log format if available (AC-4)
+if [[ -n "$AGENT_ID" ]]; then
+    echo "$(date +%s.%N) [$AGENT_ID] END $TOOL_NAME" >> "$TIMING_LOG"
+else
+    echo "$(date +%s.%N) END $TOOL_NAME" >> "$TIMING_LOG"
+fi
+
+# === LOG ROTATION FOR QUALITY LOG ===
+# Rotate if over 1000 lines to prevent unbounded growth
+if [[ -f "$QUALITY_LOG" ]]; then
+    LINE_COUNT=$(wc -l < "$QUALITY_LOG" 2>/dev/null || echo 0)
+    if [[ "$LINE_COUNT" -gt 1000 ]]; then
+        tail -500 "$QUALITY_LOG" > "${QUALITY_LOG}.tmp" && mv "${QUALITY_LOG}.tmp" "$QUALITY_LOG"
+    fi
+fi
+
+# === LOG ROTATION FOR TESTS LOG ===
+if [[ -f "$TESTS_LOG" ]]; then
+    LINE_COUNT=$(wc -l < "$TESTS_LOG" 2>/dev/null || echo 0)
+    if [[ "$LINE_COUNT" -gt 1000 ]]; then
+        tail -500 "$TESTS_LOG" > "${TESTS_LOG}.tmp" && mv "${TESTS_LOG}.tmp" "$TESTS_LOG"
+    fi
+fi
+
+# === JSON PARSING HELPER ===
+# Try jq first for reliable JSON parsing, fall back to grep for simpler systems
+extract_file_path() {
+    local input="$1"
+    local path=""
+
+    if command -v jq &>/dev/null; then
+        path=$(echo "$input" | jq -r '.file_path // empty' 2>/dev/null)
+    fi
+
+    # Fallback to grep if jq fails or isn't available
+    if [[ -z "$path" ]]; then
+        path=$(echo "$input" | grep -oE '"file_path"\s*:\s*"[^"]+"' | head -1 | cut -d'"' -f4)
+    fi
+
+    echo "$path"
+}
+
+# === SECURITY WARNING LOGGING (AC-3 for Issue #492) ===
+# Log warnings (don't block) for dangerous patterns in edited/written files
+# These are not blocking because there may be legitimate uses, but should be reviewed
+check_security_patterns() {
+    local content="$1"
+    local file_path="$2"
+    local warnings=()
+
+    # dangerouslyDisableSandbox usage (Bash tool security bypass)
+    if echo "$content" | grep -qE 'dangerouslyDisableSandbox.*true'; then
+        warnings+=("dangerouslyDisableSandbox=true (Bash security bypass)")
+    fi
+
+    # eval() usage (dynamic code execution - XSS/injection risk)
+    if echo "$content" | grep -qE '\beval\s*\('; then
+        warnings+=("eval() usage (dynamic code execution)")
+    fi
+
+    # innerHTML assignment (XSS vulnerability without sanitization)
+    if echo "$content" | grep -qE '\.innerHTML\s*='; then
+        warnings+=("innerHTML assignment (potential XSS)")
+    fi
+
+    # SQL string concatenation (SQL injection risk)
+    # Look for patterns like: query + variable or `SELECT ... ${variable}`
+    if echo "$content" | grep -qE "(query|sql|SQL)\s*\+\s*|query\s*=.*\\\$\{"; then
+        warnings+=("SQL string concatenation (potential injection)")
+    fi
+
+    # Log any warnings found
+    for warning in "${warnings[@]}"; do
+        echo "$(date +%H:%M:%S) SECURITY_WARNING: $warning in $file_path" >> "$QUALITY_LOG"
+    done
+}
+
+if [[ "${CLAUDE_HOOKS_SECURITY:-true}" != "false" ]]; then
+    if [[ "$TOOL_NAME" == "Edit" || "$TOOL_NAME" == "Write" ]]; then
+        FILE_PATH=$(extract_file_path "$TOOL_INPUT")
+
+        if [[ -n "$FILE_PATH" && -f "$FILE_PATH" ]]; then
+            # Only check TypeScript/JavaScript files for security patterns
+            if [[ "$FILE_PATH" =~ \.(ts|tsx|js|jsx)$ ]]; then
+                FILE_CONTENT=$(cat "$FILE_PATH" 2>/dev/null || true)
+                if [[ -n "$FILE_CONTENT" ]]; then
+                    check_security_patterns "$FILE_CONTENT" "$FILE_PATH"
+                fi
+            fi
+        fi
+    fi
+fi
+
+# === AUTO-FORMAT ON FILE WRITE ===
+# Skip auto-formatting for parallel agents (AC-5)
+# Parent agent will format after the parallel group completes
+if [[ "$IS_PARALLEL_AGENT" == "true" ]]; then
+    # Log that formatting was skipped for parallel agent
+    if [[ "$TOOL_NAME" == "Edit" || "$TOOL_NAME" == "Write" ]]; then
+        FILE_PATH=$(extract_file_path "$TOOL_INPUT")
+        if [[ -n "$FILE_PATH" ]]; then
+            echo "$(date +%H:%M:%S) SKIP_FORMAT (parallel): $FILE_PATH" >> "$QUALITY_LOG"
+        fi
+    fi
+elif [[ "$TOOL_NAME" == "Edit" || "$TOOL_NAME" == "Write" ]]; then
+    FILE_PATH=$(extract_file_path "$TOOL_INPUT")
+
+    if [[ -n "$FILE_PATH" && -f "$FILE_PATH" ]]; then
+        # Auto-format TypeScript/JavaScript files (synchronous to avoid race conditions)
+        if [[ "$FILE_PATH" =~ \.(ts|tsx|js|jsx)$ ]]; then
+            if npx prettier --write "$FILE_PATH" 2>/dev/null; then
+                echo "$(date +%H:%M:%S) FORMATTED: $FILE_PATH" >> "$QUALITY_LOG"
+            fi
+        fi
+
+        # Auto-format JSON files (synchronous)
+        if [[ "$FILE_PATH" =~ \.json$ ]]; then
+            npx prettier --write "$FILE_PATH" 2>/dev/null
+        fi
+    fi
+fi
+
+# === LOG SUPABASE QUERIES ===
+if [[ "$TOOL_NAME" == "mcp__supabase__execute_sql" ]]; then
+    # Extract SQL query with jq or fallback
+    if command -v jq &>/dev/null; then
+        QUERY=$(echo "$TOOL_INPUT" | jq -r '.query // empty' 2>/dev/null | head -c 200)
+    else
+        QUERY=$(echo "$TOOL_INPUT" | head -c 200)
+    fi
+    echo "$(date +%H:%M:%S) SQL: $QUERY" >> "$QUALITY_LOG"
+fi
+
+# === TRACK GIT OPERATIONS ===
+if [[ "$TOOL_NAME" == "Bash" ]]; then
+    if echo "$TOOL_INPUT" | grep -qE 'git (commit|push|pr create)'; then
+        # Truncate long git commands for readability
+        GIT_CMD=$(echo "$TOOL_INPUT" | head -c 200)
+        echo "$(date +%H:%M:%S) GIT: $GIT_CMD" >> "$QUALITY_LOG"
+    fi
+fi
+
+# === DETECT TEST FAILURES ===
+if [[ "$TOOL_NAME" == "Bash" ]] && echo "$TOOL_INPUT" | grep -qE 'npm (test|run test)'; then
+    if echo "$TOOL_OUTPUT" | grep -qE '(FAIL|failed|Error:)'; then
+        echo "$(date +%H:%M:%S) TEST_FAILURE detected" >> "$QUALITY_LOG"
+    fi
+fi
+
+# === DETECT BUILD FAILURES ===
+if [[ "$TOOL_NAME" == "Bash" ]] && echo "$TOOL_INPUT" | grep -qE 'npm run build'; then
+    if echo "$TOOL_OUTPUT" | grep -qE '(error TS|Build failed|Error:)'; then
+        echo "$(date +%H:%M:%S) BUILD_FAILURE detected" >> "$QUALITY_LOG"
+    fi
+fi
+
+# === SMART TEST RUNNING (P3) ===
+# Opt-in: Set CLAUDE_HOOKS_SMART_TESTS=true to enable
+# Runs related tests asynchronously after file edits
+if [[ "${CLAUDE_HOOKS_SMART_TESTS:-}" == "true" ]]; then
+    if [[ "$TOOL_NAME" == "Edit" || "$TOOL_NAME" == "Write" ]]; then
+        FILE_PATH=$(extract_file_path "$TOOL_INPUT")
+
+        if [[ -n "$FILE_PATH" && "$FILE_PATH" =~ \.(ts|tsx)$ ]]; then
+            # Extract filename without extension (use -E for macOS sed compatibility)
+            FILENAME=$(basename "$FILE_PATH" | sed -E 's/\.(ts|tsx)$//')
+
+            # Find related test file in __tests__/ directory
+            # This project uses centralized tests, not co-located
+            PROJECT_ROOT="${FILE_PATH%%/lib/*}"
+            if [[ "$PROJECT_ROOT" == "$FILE_PATH" ]]; then
+                PROJECT_ROOT="${FILE_PATH%%/components/*}"
+            fi
+            if [[ "$PROJECT_ROOT" == "$FILE_PATH" ]]; then
+                PROJECT_ROOT="${FILE_PATH%%/app/*}"
+            fi
+
+            # Search for test files matching the source file name
+            TEST_FILE=""
+            if [[ -d "$PROJECT_ROOT/__tests__" ]]; then
+                # Try direct match first
+                if [[ -f "$PROJECT_ROOT/__tests__/${FILENAME}.test.ts" ]]; then
+                    TEST_FILE="$PROJECT_ROOT/__tests__/${FILENAME}.test.ts"
+                elif [[ -f "$PROJECT_ROOT/__tests__/${FILENAME}.test.tsx" ]]; then
+                    TEST_FILE="$PROJECT_ROOT/__tests__/${FILENAME}.test.tsx"
+                # Try integration tests
+                elif [[ -f "$PROJECT_ROOT/__tests__/integration/${FILENAME}.test.ts" ]]; then
+                    TEST_FILE="$PROJECT_ROOT/__tests__/integration/${FILENAME}.test.ts"
+                elif [[ -f "$PROJECT_ROOT/__tests__/integration/${FILENAME}.test.tsx" ]]; then
+                    TEST_FILE="$PROJECT_ROOT/__tests__/integration/${FILENAME}.test.tsx"
+                fi
+            fi
+
+            if [[ -n "$TEST_FILE" && -f "$TEST_FILE" ]]; then
+                echo "$(date +%H:%M:%S) SMART_TEST: Running $TEST_FILE for $FILE_PATH" >> "$TESTS_LOG"
+
+                # Run test asynchronously to avoid blocking
+                # Use timeout/gtimeout if available, otherwise run without timeout
+                (
+                    cd "$PROJECT_ROOT" 2>/dev/null || exit
+                    TIMEOUT_CMD=""
+                    if command -v timeout &>/dev/null; then
+                        TIMEOUT_CMD="timeout 30"
+                    elif command -v gtimeout &>/dev/null; then
+                        TIMEOUT_CMD="gtimeout 30"
+                    fi
+                    $TIMEOUT_CMD npm test -- --testPathPatterns="$(basename "$TEST_FILE")" --silent 2>&1 | head -20 >> "$TESTS_LOG"
+                    if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+                        echo "$(date +%H:%M:%S) SMART_TEST_RESULT: FAIL" >> "$TESTS_LOG"
+                    else
+                        echo "$(date +%H:%M:%S) SMART_TEST_RESULT: PASS" >> "$TESTS_LOG"
+                    fi
+                ) &
+            fi
+        fi
+    fi
+fi
+
+# === WEBHOOK NOTIFICATIONS (P3) ===
+# Opt-in: Set CLAUDE_HOOKS_WEBHOOK_URL to enable
+# Fires notification when issues are closed
+if [[ -n "${CLAUDE_HOOKS_WEBHOOK_URL:-}" ]]; then
+    if [[ "$TOOL_NAME" == "Bash" ]] && echo "$TOOL_INPUT" | grep -qE 'gh issue close'; then
+        # Extract issue number
+        ISSUE_NUM=$(echo "$TOOL_INPUT" | grep -oE '#?[0-9]+' | head -1 | tr -d '#')
+
+        if [[ -n "$ISSUE_NUM" ]]; then
+            echo "$(date +%H:%M:%S) WEBHOOK: Notifying issue #$ISSUE_NUM closed" >> "$QUALITY_LOG"
+
+            # Fire-and-forget async curl (don't block on webhook failures)
+            (
+                curl -s -X POST "$CLAUDE_HOOKS_WEBHOOK_URL" \
+                    -H 'Content-Type: application/json' \
+                    -d "{\"text\":\"Issue #$ISSUE_NUM completed by Claude Code automation\"}" \
+                    --max-time 5 2>/dev/null || true
+            ) &
+        fi
+    fi
+fi
+
+exit 0

package/templates/hooks/pre-tool.sh

@@ -0,0 +1,350 @@
+#!/bin/bash
+# Pre-tool hook for Claude Code
+# - Security guardrails for execute-issues.ts (blocks catastrophic commands)
+# - Timing instrumentation for performance analysis
+# Exit 0 = allow, Exit 2 = block (Exit 1 = non-blocking error, logged but not blocked)
+
+# === ROLLBACK MECHANISM ===
+# Set CLAUDE_HOOKS_DISABLED=true to bypass all hook logic
+if [[ "${CLAUDE_HOOKS_DISABLED:-}" == "true" ]]; then
+    exit 0
+fi
+
+# === READ INPUT FROM STDIN ===
+# Claude Code passes tool data as JSON via stdin, not environment variables
+INPUT_JSON=$(cat)
+
+# Parse JSON using jq (preferred) or fallback to grep
+if command -v jq &>/dev/null; then
+    TOOL_NAME=$(echo "$INPUT_JSON" | jq -r '.tool_name // empty')
+    # For Bash tool, extract .command from tool_input; for others, stringify the whole object
+    if [[ "$(echo "$INPUT_JSON" | jq -r '.tool_name // empty')" == "Bash" ]]; then
+        TOOL_INPUT=$(echo "$INPUT_JSON" | jq -r '.tool_input.command // empty')
+    else
+        TOOL_INPUT=$(echo "$INPUT_JSON" | jq -r '.tool_input | tostring // empty')
+    fi
+else
+    TOOL_NAME=$(echo "$INPUT_JSON" | grep -oE '"tool_name"\s*:\s*"[^"]+"' | head -1 | cut -d'"' -f4)
+    # For Bash tool, extract command from tool_input; for others, extract the whole object
+    if [[ "$TOOL_NAME" == "Bash" ]]; then
+        TOOL_INPUT=$(echo "$INPUT_JSON" | grep -oE '"command"\s*:\s*"[^"]+"' | head -1 | cut -d'"' -f4)
+    else
+        TOOL_INPUT=$(echo "$INPUT_JSON" | grep -oE '"tool_input"\s*:\s*\{[^}]+\}' | head -1)
+    fi
+fi
+
+TIMING_LOG="/tmp/claude-timing.log"
+PARALLEL_MARKER_PREFIX="/tmp/claude-parallel-"
+
+# === AGENT ID DETECTION ===
+# For parallel agents, detect group ID from marker files
+# Format: /tmp/claude-parallel-<group-id>.marker
+AGENT_ID=""
+for marker in "${PARALLEL_MARKER_PREFIX}"*.marker; do
+    if [[ -f "$marker" ]]; then
+        # Extract group ID from marker filename
+        AGENT_ID=$(basename "$marker" | sed 's/claude-parallel-//' | sed 's/\.marker//')
+        break
+    fi
+done
+
+# === TIMING START ===
+# Include agent ID in log format if available (AC-4)
+if [[ -n "$AGENT_ID" ]]; then
+    echo "$(date +%s.%N) [$AGENT_ID] START $TOOL_NAME" >> "$TIMING_LOG"
+else
+    echo "$(date +%s.%N) START $TOOL_NAME" >> "$TIMING_LOG"
+fi
+
+# === LOG ROTATION ===
+# Rotate if over 1000 lines to prevent unbounded growth
+if [[ -f "$TIMING_LOG" ]]; then
+    LINE_COUNT=$(wc -l < "$TIMING_LOG" 2>/dev/null || echo 0)
+    if [[ "$LINE_COUNT" -gt 1000 ]]; then
+        tail -500 "$TIMING_LOG" > "${TIMING_LOG}.tmp" && mv "${TIMING_LOG}.tmp" "$TIMING_LOG"
+    fi
+fi
+
+# === CATASTROPHIC BLOCKS ===
+# These should NEVER run in any automated context
+
+# Secrets/credentials
+# Skip check for gh commands (comment/pr bodies may contain example text)
+if ! echo "$TOOL_INPUT" | grep -qE '^gh (issue|pr) '; then
+    # Pattern requires command to START with file reader (not match in quoted strings)
+    if echo "$TOOL_INPUT" | grep -qE '^(cat|less|head|tail|more) .*\.(env|pem|key)'; then
+        echo "HOOK_BLOCKED: Reading secret file" | tee -a /tmp/claude-hook.log >&2
+        exit 2
+    fi
+
+    if echo "$TOOL_INPUT" | grep -qE '^(cat|less) .*~/\.(ssh|aws|gnupg|config/gh)'; then
+        echo "HOOK_BLOCKED: Reading credential directory" | tee -a /tmp/claude-hook.log >&2
+        exit 2
+    fi
+fi
+
+# Bare environment dump
+if echo "$TOOL_INPUT" | grep -qE '^(env|printenv|export)$'; then
+    echo "HOOK_BLOCKED: Environment dump" | tee -a /tmp/claude-hook.log >&2
+    exit 2
+fi
+
+# Destructive system commands
+if echo "$TOOL_INPUT" | grep -qE 'sudo|rm -rf /|rm -rf ~|rm -rf \$HOME'; then
+    echo "HOOK_BLOCKED: Destructive system command" | tee -a /tmp/claude-hook.log >&2
+    exit 2
+fi
+
+# Deployment (should never happen in issue automation)
+if echo "$TOOL_INPUT" | grep -qE 'vercel (deploy|--prod)|terraform (apply|destroy)|kubectl (apply|delete)'; then
+    echo "HOOK_BLOCKED: Deployment command" | tee -a /tmp/claude-hook.log >&2
+    exit 2
+fi
+
+# Force push
+# Pattern requires -f to be a standalone flag (not part of branch name like -fix)
+if echo "$TOOL_INPUT" | grep -qE 'git push.*(--force| -f($| ))'; then
+    echo "HOOK_BLOCKED: Force push" | tee -a /tmp/claude-hook.log >&2
+    exit 2
+fi
+
+# CI/CD triggers (automation shouldn't trigger more automation)
+if echo "$TOOL_INPUT" | grep -qE 'gh workflow run'; then
+    echo "HOOK_BLOCKED: Workflow trigger" | tee -a /tmp/claude-hook.log >&2
+    exit 2
+fi
+
+# === SECURITY GUARDRAILS ===
+# Granular disable: Set CLAUDE_HOOKS_SECURITY=false to bypass security checks only
+# (separate from CLAUDE_HOOKS_DISABLED which bypasses ALL hooks)
+
+# --- Secret Detection (AC-1 for Issue #492) ---
+# Block commits containing hardcoded API keys, tokens, and secrets
+check_secrets() {
+    local content="$1"
+    local patterns=(
+        'sk-[a-zA-Z0-9]{32,}'                    # OpenAI API key
+        'sk_live_[a-zA-Z0-9]{24,}'               # Stripe live key
+        'AKIA[A-Z0-9]{16}'                       # AWS Access Key
+        'ghp_[a-zA-Z0-9]{36}'                    # GitHub Personal Token
+        'xoxb-[0-9]{10,}(-[a-zA-Z0-9]+)+'        # Slack Bot Token
+        'AIza[a-zA-Z0-9_-]{35}'                  # Google API Key
+    )
+
+    for pattern in "${patterns[@]}"; do
+        if echo "$content" | grep -qE "$pattern"; then
+            return 0  # Found a secret
+        fi
+    done
+    return 1  # No secrets found
+}
+
+# --- Sensitive File Detection (AC-2 for Issue #492) ---
+# Block commits containing sensitive files
+check_sensitive_files() {
+    local files="$1"
+    local patterns=(
+        '\.env$'
+        '\.env\.local$'
+        '\.env\.production$'
+        '\.env\.[^.]+$'           # Any .env.* file
+        'credentials\.json$'
+        '\.pem$'
+        '\.key$'
+        'id_rsa$'
+        'id_ed25519$'
+    )
+
+    for pattern in "${patterns[@]}"; do
+        if echo "$files" | grep -qE "$pattern"; then
+            return 0  # Found sensitive file
+        fi
+    done
+    return 1  # No sensitive files found
+}
+
+if [[ "${CLAUDE_HOOKS_SECURITY:-true}" != "false" ]]; then
+    # Security checks for git commit
+    if [[ "$TOOL_NAME" == "Bash" ]] && echo "$TOOL_INPUT" | grep -qE 'git commit'; then
+        # Skip security checks if --no-verify is used
+        if ! echo "$TOOL_INPUT" | grep -qE -- '--no-verify'; then
+            # Check staged files for secrets
+            STAGED_CONTENT=$(git diff --cached 2>/dev/null || true)
+            if [[ -n "$STAGED_CONTENT" ]] && check_secrets "$STAGED_CONTENT"; then
+                {
+                    echo "HOOK_BLOCKED: Hardcoded secret detected in staged changes"
+                    echo "  Use 'git commit --no-verify' to bypass if this is a false positive"
+                } | tee -a /tmp/claude-hook.log >&2
+                exit 2
+            fi
+
+            # Check for sensitive files in commit
+            STAGED_FILES=$(git diff --cached --name-only 2>/dev/null || true)
+            if [[ -n "$STAGED_FILES" ]] && check_sensitive_files "$STAGED_FILES"; then
+                {
+                    echo "HOOK_BLOCKED: Sensitive file in commit (${STAGED_FILES})"
+                    echo "  Files like .env, *.pem, *.key should not be committed"
+                    echo "  Use 'git commit --no-verify' to bypass if this is intentional"
+                } | tee -a /tmp/claude-hook.log >&2
+                exit 2
+            fi
+        fi
+    fi
+fi
+
+# === QUALITY GUARDS (Phase 2) ===
+
+# --- No-Changes Guard (AC-7) ---
+# Block commits when there are no staged or unstaged changes (prevents empty commits)
+# Skips for --amend since amending doesn't require new changes
+if [[ "$TOOL_NAME" == "Bash" ]] && echo "$TOOL_INPUT" | grep -qE 'git commit'; then
+    if ! echo "$TOOL_INPUT" | grep -qE -- '--amend|--allow-empty'; then
+        # Check for changes (staged or unstaged)
+        CHANGES=$(git status --porcelain 2>/dev/null | wc -l | tr -d ' ')
+        if [[ "$CHANGES" -eq 0 ]]; then
+            echo "HOOK_BLOCKED: No changes to commit. Stage files with 'git add' first." | tee -a /tmp/claude-hook.log >&2
+            exit 2
+        fi
+    fi
+fi
+
+# --- Worktree Validation (AC-8) ---
+# Warn (but don't block) when committing outside a feature worktree
+# This catches accidental commits to main repo during feature work
+QUALITY_LOG="/tmp/claude-quality.log"
+if [[ "$TOOL_NAME" == "Bash" ]] && echo "$TOOL_INPUT" | grep -qE 'git commit'; then
+    CWD=$(pwd)
+    if ! echo "$CWD" | grep -qE 'worktrees/feature/'; then
+        echo "$(date +%H:%M:%S) WORKTREE_WARNING: Committing outside feature worktree ($CWD)" >> "$QUALITY_LOG"
+        # Warning only - does not block
+    fi
+fi
+
+# --- Commit Message Validation (AC-3) ---
+# Enforce conventional commits format: type(scope): description
+# Types: feat|fix|docs|style|refactor|test|chore|ci|build|perf
+if [[ "$TOOL_NAME" == "Bash" ]] && echo "$TOOL_INPUT" | grep -qE 'git commit'; then
+    # Extract message from -m flag
+    MSG=""
+
+    # Try heredoc format first: -m "$(cat <<'EOF' ... EOF)"
+    # This is the most common format in Claude Code git commits
+    if echo "$TOOL_INPUT" | grep -qE "<<.*EOF"; then
+        # Extract first line after heredoc marker
+        MSG=$(echo "$TOOL_INPUT" | sed -n '/<<.*EOF/,/EOF/p' | sed '1d;$d' | head -1 | sed 's/^[[:space:]]*//')
+    fi
+
+    # Try -m "message" format (double quotes)
+    if [[ -z "$MSG" ]] && echo "$TOOL_INPUT" | grep -qE '\-m\s+"'; then
+        MSG=$(echo "$TOOL_INPUT" | awk -F'"' '{print $2}')
+    fi
+
+    # Try -m 'message' format (single quotes)
+    if [[ -z "$MSG" ]] && echo "$TOOL_INPUT" | grep -qE "\-m\s+'"; then
+        MSG=$(echo "$TOOL_INPUT" | awk -F"'" '{print $2}')
+    fi
+
+    # Validate if we found a message
+    if [[ -n "$MSG" ]]; then
+        # Conventional commits pattern: type(optional-scope): description
+        # Also accepts ! for breaking changes: feat!: or feat(scope)!:
+        PATTERN='^(feat|fix|docs|style|refactor|test|chore|ci|build|perf)(\([^)]+\))?(!)?\s*:'
+        if ! echo "$MSG" | grep -qE "$PATTERN"; then
+            {
+                echo "HOOK_BLOCKED: Commit must follow conventional commits format"
+                echo "  Expected: type(scope): description"
+                echo "  Types: feat|fix|docs|style|refactor|test|chore|ci|build|perf"
+                echo "  Got: $MSG"
+            } | tee -a /tmp/claude-hook.log >&2
+            exit 2
+        fi
+    fi
+fi
+
+# === WORKTREE PATH ENFORCEMENT FOR PARALLEL AGENTS ===
+# When a parallel marker exists with a worktree path, block edits outside that worktree
+# This prevents agents from accidentally editing the main repo instead of the worktree
+# Marker file format: First line contains the expected worktree path
+if [[ "$TOOL_NAME" == "Edit" || "$TOOL_NAME" == "Write" ]]; then
+    EXPECTED_WORKTREE=""
+    for marker in "${PARALLEL_MARKER_PREFIX}"*.marker; do
+        if [[ -f "$marker" ]]; then
+            # Read expected worktree path from marker file (first line)
+            EXPECTED_WORKTREE=$(head -1 "$marker" 2>/dev/null || true)
+            break
+        fi
+    done
+
+    if [[ -n "$EXPECTED_WORKTREE" ]]; then
+        # AC-1 (Issue #550): Check worktree directory exists before path validation
+        # Prevents Write tool from creating non-existent worktree directories
+        if [[ ! -d "$EXPECTED_WORKTREE" ]]; then
+            echo "HOOK_BLOCKED: Worktree does not exist: $EXPECTED_WORKTREE" | tee -a /tmp/claude-hook.log >&2
+            exit 2
+        fi
+
+        FILE_PATH=""
+        if command -v jq &>/dev/null; then
+            FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // empty' 2>/dev/null)
+        fi
+        if [[ -z "$FILE_PATH" ]]; then
+            FILE_PATH=$(echo "$TOOL_INPUT" | grep -oE '"file_path"\s*:\s*"[^"]+"' | head -1 | cut -d'"' -f4)
+        fi
+
+        if [[ -n "$FILE_PATH" ]]; then
+            # Check if file path is within the expected worktree
+            if ! echo "$FILE_PATH" | grep -qF "$EXPECTED_WORKTREE"; then
+                echo "$(date +%H:%M:%S) WORKTREE_BLOCKED: Edit outside expected worktree" >> "$QUALITY_LOG"
+                echo "  Expected: $EXPECTED_WORKTREE" >> "$QUALITY_LOG"
+                echo "  Got: $FILE_PATH" >> "$QUALITY_LOG"
+                echo "HOOK_BLOCKED: Edit must be in worktree: $EXPECTED_WORKTREE (got: $FILE_PATH)" | tee -a /tmp/claude-hook.log >&2
+                exit 2
+            fi
+        fi
+    fi
+fi
+
+# === FILE LOCKING FOR PARALLEL AGENTS (AC-6) ===
+# Prevents concurrent edits to the same file when parallel agents are running
+# Uses lockf (macOS native) with a per-file lock in /tmp
+# Disabled with CLAUDE_HOOKS_FILE_LOCKING=false
+if [[ "${CLAUDE_HOOKS_FILE_LOCKING:-true}" == "true" ]]; then
+    if [[ "$TOOL_NAME" == "Edit" || "$TOOL_NAME" == "Write" ]]; then
+        FILE_PATH=""
+        if command -v jq &>/dev/null; then
+            FILE_PATH=$(echo "$TOOL_INPUT" | jq -r '.file_path // empty' 2>/dev/null)
+        fi
+        if [[ -z "$FILE_PATH" ]]; then
+            FILE_PATH=$(echo "$TOOL_INPUT" | grep -oE '"file_path"\s*:\s*"[^"]+"' | head -1 | cut -d'"' -f4)
+        fi
+
+        if [[ -n "$FILE_PATH" ]]; then
+            # Create a lock file based on file path hash (handles special chars)
+            LOCK_FILE="/tmp/claude-lock-$(echo "$FILE_PATH" | md5 -q 2>/dev/null || echo "$FILE_PATH" | md5sum | cut -d' ' -f1).lock"
+
+            # Try to acquire lock with 30 second timeout
+            # Use a subshell to hold the lock during the tool execution
+            if command -v lockf &>/dev/null; then
+                # macOS: use lockf
+                exec 200>"$LOCK_FILE"
+                if ! lockf -t 30 200 2>/dev/null; then
+                    echo "HOOK_BLOCKED: File locked by another agent: $FILE_PATH" | tee -a /tmp/claude-hook.log >&2
+                    exit 2
+                fi
+                # Lock will be released when the file descriptor closes (process exits)
+            elif command -v flock &>/dev/null; then
+                # Linux: use flock
+                exec 200>"$LOCK_FILE"
+                if ! flock -w 30 200 2>/dev/null; then
+                    echo "HOOK_BLOCKED: File locked by another agent: $FILE_PATH" | tee -a /tmp/claude-hook.log >&2
+                    exit 2
+                fi
+            fi
+            # If neither lockf nor flock available, proceed without locking
+        fi
+    fi
+fi
+
+# === ALLOW EVERYTHING ELSE ===
+# Slash commands need: git, npm, file edits, gh pr/issue, supabase queries
+exit 0