
Add block-no-verify hooks to prevent agents from bypassing git hooks#3674

Open
tupe12334 wants to merge 2 commits into simstudioai:main from tupe12334:add-block-no-verify

Conversation

@tupe12334

Summary

  • Adds block-no-verify@1.1.2 as a PreToolUse Bash hook in .claude/settings.json
  • Adds block-no-verify@1.1.2 as a beforeShellExecution hook in .cursor/hooks.json
  • Prevents both Claude Code and Cursor agents from bypassing git hooks via the hook-skip flag

Details

When an agent runs git commit or git push with the hook-bypass flag, it silently disables pre-commit, commit-msg, and pre-push hooks — linters, type-checkers, and tests can all be skipped without warning.

block-no-verify reads the command from the hook stdin payload, detects the hook-bypass flag across all git subcommands, and exits 2 to block. No custom scripts needed.

Closes #3673


Disclosure: I am the author and maintainer of block-no-verify.

Prevents Claude Code agents from bypassing git hooks via the hook-skip flag.
Closes simstudioai#3673
…json

Prevents Cursor agents from bypassing git hooks via the hook-skip flag.
Closes simstudioai#3673
@vercel

vercel bot commented Mar 19, 2026

@tupe12334 is attempting to deploy a commit to the Sim Team on Vercel.

A member of the Team first needs to authorize it.

@cursor

cursor bot commented Mar 19, 2026

PR Summary

Low Risk
Low risk: adds editor/agent hook configuration only, with no runtime or application code changes.

Overview
Adds agent-side shell execution hooks for Claude Code and Cursor to run npx block-no-verify@1.1.2, preventing use of git hook-bypass flags (e.g., --no-verify) from agent-invoked commands.

Written by Cursor Bugbot for commit 84767fe.

@greptile-apps

greptile-apps bot commented Mar 19, 2026

Greptile Summary

This PR introduces two new agent-hook configuration files — .claude/settings.json and .cursor/hooks.json — that invoke the third-party block-no-verify@1.1.2 package before every shell command executed by Claude Code and Cursor respectively, with the goal of preventing AI agents from bypassing git hooks via --no-verify.

Key concerns:

  • npx vs bunx: Both files use npx to run the package, which directly violates the project-wide convention documented in CLAUDE.md: "Package Manager: Use bun and bunx, not npm and npx". Both hooks should use bunx block-no-verify@1.1.2 instead.
  • Overly broad hook scope in .claude/settings.json: The matcher: "Bash" setting causes the package to be spawned before every Bash command the agent runs (file reads, test runs, builds, installs, etc.), not only git invocations. While the package safely no-ops on non-git commands, the extra process-spawn overhead on every shell call will slow down the agent loop noticeably.
  • Conflict of interest / supply chain: The PR author self-disclosed that they are the author and maintainer of block-no-verify. This means a single external maintainer's package will be executed before every shell command for all contributors using these AI tools on this repo. The version is pinned (@1.1.2), which mitigates the risk of unintentional updates, but the package still runs with the same privileges as the agent and merits careful review of its source before merging.
  • Redundant event field: The .cursor/hooks.json hook object includes "event": "beforeShellExecution" which duplicates the parent key and is unnecessary.

Confidence Score: 2/5

  • Not safe to merge as-is — uses npx against project convention, runs a third-party package before every shell command, and introduces a supply-chain dependency authored by the PR submitter.
  • The changes are small in scope but carry non-trivial risk: they introduce a third-party npm package (authored by the PR submitter) that will execute before every single Bash tool call in Claude Code and every shell command in Cursor. The npx usage violates the explicit CLAUDE.md policy, the broad Bash matcher creates unnecessary overhead, and accepting a package maintained by the contributor warrants extra scrutiny of its source code before merging.
  • Both .claude/settings.json and .cursor/hooks.json need attention — fix npx → bunx in both, and consider narrowing the Bash hook scope in .claude/settings.json.

Important Files Changed

Filename Overview
.claude/settings.json Introduces a new PreToolUse hook that runs npx block-no-verify@1.1.2 before every Bash command; uses npx in violation of the project's bunx convention, and the broad Bash matcher adds overhead to all shell operations rather than only git invocations.
.cursor/hooks.json Adds a beforeShellExecution hook with npx block-no-verify@1.1.2; contains a redundant event field and uses npx instead of the project-mandated bunx.

Sequence Diagram

sequenceDiagram
    participant Agent as AI Agent (Claude / Cursor)
    participant Hook as PreToolUse / beforeShellExecution Hook
    participant BNV as block-no-verify@1.1.2 (npx)
    participant Shell as Shell / Git

    Agent->>Hook: Any Bash command (git, bun, ls, tests, …)
    Hook->>BNV: Spawn via npx, pass command on stdin
    alt Command contains --no-verify / -n flag on git subcommand
        BNV-->>Hook: exit 2 (block)
        Hook-->>Agent: Command blocked
    else All other commands
        BNV-->>Hook: exit 0 (allow)
        Hook->>Shell: Execute original command
        Shell-->>Agent: Result
    end

Last reviewed commit: "feat: add block-no-v..."

"PreToolUse": [
{
"matcher": "Bash",
"hooks": [{ "type": "command", "command": "npx block-no-verify@1.1.2" }]

P2 npx violates project package manager convention

The project's CLAUDE.md explicitly mandates: "Package Manager: Use bun and bunx, not npm and npx". This hook should use bunx instead of npx to stay consistent with the rest of the project tooling.

Suggested change
"hooks": [{ "type": "command", "command": "npx block-no-verify@1.1.2" }]
"hooks": [{ "type": "command", "command": "bunx block-no-verify@1.1.2" }]

Comment on lines +5 to +7
"matcher": "Bash",
"hooks": [{ "type": "command", "command": "npx block-no-verify@1.1.2" }]
}

P2 Hook fires on every Bash command, not just git commands

The matcher: "Bash" configuration causes npx block-no-verify@1.1.2 to be invoked before every single Bash command Claude Code runs — including file operations, test runs, builds, installs, etc. — not only git commands. This adds a process-spawn overhead to all shell activity in the agent.

block-no-verify already inspects the incoming stdin payload to determine whether the command is a git invocation with --no-verify, so non-git commands are harmlessly passed through. But spawning a new npx process for every Bash tool call (e.g. running the test suite, bun install, etc.) will noticeably slow down the agent loop.

Consider whether a narrower matcher (e.g. checking if the command string starts with git) or a wrapper script that short-circuits non-git calls early would be preferable.
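The mechanism the PR description outlines (read the hook payload from stdin, find the bypass flag on a git subcommand, exit 2) and the short-circuit the comment above asks for, written out as an added example. This is not the block-no-verify package's code and not part of this PR. It goes slightly beyond --no-verify by also flagging `-c core.hooksPath=...`, which redirects git to a different hooks directory. The payload field names (`tool_input.command` for Claude Code, a top-level `command` for Cursor) and the meaning of exit status 2 are assumptions, not taken from the page.

```python
"""Hypothetical agent shell hook that blocks git invocations which skip hooks.
Added example, not the block-no-verify package. Assumed rather than taken from
the page: Claude Code's PreToolUse payload carries tool_input.command, Cursor's
beforeShellExecution payload a top-level "command"; exit status 2 blocks, 0 allows.
"""
import json
import shlex
import sys

SEPARATORS = {"&&", "||", ";", "|", "&", "(", ")"}
WRAPPERS = {"env", "command", "exec", "sudo"}
SHELLS = {"sh", "bash", "zsh", "dash", "ksh"}
GIT_GLOBAL_WITH_ARG = {"-C", "-c", "--git-dir", "--work-tree", "--namespace"}  # `git -C dir commit`
COMMIT_WITH_ARG = {"-m", "-F", "-C", "-c", "--message", "--file", "--author", "--date"}  # `-m "-n"` is not a hit
COMMIT_SHORT_WITH_ARG = set("mFCc")


def split_segments(tokens):
    """Split a token list on shell control operators into simple commands."""
    segments = [[]]
    for tok in tokens:
        if tok in SEPARATORS:
            segments.append([])
        else:
            segments[-1].append(tok)
    return [seg for seg in segments if seg]


def check_segment(tokens):
    """Return a reason if this simple command bypasses git hooks, else None."""
    i = 0  # skip `VAR=x` assignments and wrappers such as `env` or `sudo`
    while i < len(tokens) and (tokens[i] in WRAPPERS or ("=" in tokens[i] and tokens[i][0] != "-")):
        i += 1
    if i >= len(tokens) or tokens[i].rsplit("/", 1)[-1] != "git":
        return None
    i, subcommand = i + 1, None
    while i < len(tokens) and subcommand is None:  # global options precede the subcommand
        tok, nxt = tokens[i], (tokens[i + 1] if i + 1 < len(tokens) else "")
        if tok == "-c" and nxt.lower().startswith("core.hookspath="):
            return "git -c core.hooksPath=... points hooks away from .git/hooks"
        if tok in GIT_GLOBAL_WITH_ARG:
            i += 2
        elif tok.startswith("-"):
            i += 1
        else:
            subcommand, i = tok, i + 1
    if subcommand is None:
        return None
    while i < len(tokens) and tokens[i] != "--":  # the subcommand's own arguments
        tok = tokens[i]
        if tok == "--no-verify":
            return f"git {subcommand} --no-verify skips hooks"
        if subcommand == "commit" and tok in COMMIT_WITH_ARG:
            i += 1  # skip the option's value as well
        elif subcommand == "commit" and tok.startswith("-") and not tok.startswith("--"):
            for letter in tok[1:]:  # bundled short flags such as -anm
                if letter == "n":  # -n is --no-verify for commit (for push it is --dry-run)
                    return "git commit -n skips hooks"
                if letter in COMMIT_SHORT_WITH_ARG:
                    break  # the rest of the token is that option's value
        i += 1
    return None


def check_command(command):
    """Return a block reason for a whole command line, or None if it is allowed."""
    if "git" not in command:  # fast path: most agent commands never touch git
        return None
    try:
        lex = shlex.shlex(command, posix=True, punctuation_chars=True)
        lex.whitespace_split = True  # `&&`, `;`, `|` and parentheses become their own tokens
        tokens = list(lex)
    except ValueError:  # unbalanced quotes: fail closed on the obvious flag
        return "unparseable command mentioning --no-verify" if "--no-verify" in command else None
    for seg in split_segments(tokens):
        reason = check_segment(seg)
        # `sh -c "git commit -n"` carries the real command as a single quoted token
        if reason is None and seg[0].rsplit("/", 1)[-1] in SHELLS and "-c" in seg[:-1]:
            reason = check_command(seg[seg.index("-c") + 1])
        if reason:
            return reason
    return None


def extract_command(payload):
    """Pull the shell command out of either assumed payload shape."""
    tool_input = payload.get("tool_input")
    if isinstance(tool_input, dict) and "command" in tool_input:
        return str(tool_input["command"])
    return str(payload.get("command", ""))


def main():
    try:
        payload = json.load(sys.stdin)
        reason = check_command(extract_command(payload))
    except (ValueError, AttributeError):  # not a payload we understand: do not wedge the agent
        return 0
    if reason:
        print(f"blocked: {reason}. Fix the failing hook instead of skipping it.", file=sys.stderr)
        return 2
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Wired as the `command` of a PreToolUse entry with `"matcher": "Bash"` in .claude/settings.json, or of a beforeShellExecution entry in .cursor/hooks.json, it keeps the per-call cost at one substring test for the common case. Treat it as a guardrail for a careless agent, not a boundary against a determined one: `$(...)` expansions, git aliases defined in config, and `core.hooksPath` set in .git/config rather than on the command line all get past it. The checks the hooks exist to enforce still need to run server-side (CI on the pull request, branch protection) to be trustworthy.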

{
"hooks": {
"beforeShellExecution": [
{ "command": "npx block-no-verify@1.1.2", "event": "beforeShellExecution" }

P2 Redundant event field inside hook object

The "event": "beforeShellExecution" property inside the hook object duplicates the key that already names the hook in the parent "hooks" map. Most Cursor hook schema definitions only expect "command" (and optionally a "label") inside the individual hook entries — the event key is already provided by the parent key. This is harmless today but could cause confusion or breakage if Cursor's hook parser becomes stricter.

Suggested change
{ "command": "npx block-no-verify@1.1.2", "event": "beforeShellExecution" }
{ "command": "npx block-no-verify@1.1.2" }

{
"hooks": {
"beforeShellExecution": [
{ "command": "npx block-no-verify@1.1.2", "event": "beforeShellExecution" }

P2 npx violates project package manager convention

Same as .claude/settings.json — the project's CLAUDE.md mandates bunx over npx. This should be updated for consistency.

Suggested change
{ "command": "npx block-no-verify@1.1.2", "event": "beforeShellExecution" }
{ "command": "bunx block-no-verify@1.1.2" }

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 3 potential issues.

{ "command": "npx block-no-verify@1.1.2", "event": "beforeShellExecution" }
]
}
}

Missing required version field in Cursor hooks config

High Severity

The .cursor/hooks.json file is missing the required "version": 1 top-level field. The Cursor hooks schema requires this field, and both the official Cursor docs and the block-no-verify README include it in their examples. Without it, the hook may fail to load or be silently ignored, meaning --no-verify bypass protection wouldn't actually work in Cursor.


{
"hooks": {
"beforeShellExecution": [
{ "command": "npx block-no-verify@1.1.2", "event": "beforeShellExecution" }

Spurious event field in Cursor hook object

Low Severity

The hook object includes "event": "beforeShellExecution" which is not part of the Cursor hooks schema. The documented properties for a hook entry are command, timeout, and matcher. The event type is already determined by the key under hooks. This extra field is redundant and inconsistent with both the Cursor docs and the block-no-verify README's own example configuration.


"PreToolUse": [
{
"matcher": "Bash",
"hooks": [{ "type": "command", "command": "npx block-no-verify@1.1.2" }]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unlockfiled dependency auto-executed via npx on every command

Medium Severity

block-no-verify is fetched and executed via npx on every AI agent shell command, but it's not listed in package.json or tracked in bun.lock. This means no lockfile hash verification, no coverage by dependency audit tools, and a potential network fetch on each invocation. Adding it as a devDependency would bring it under the project's existing integrity and audit infrastructure.


Successfully merging this pull request may close these issues.

Add block-no-verify hook to prevent agents from bypassing git hooks
