feat(agent-workflow): add git command verification hook for Claude Code

[rjmurillo-bot]

Summary

Create a Claude Code hook that intercepts git commands and verifies the current branch matches the expected PR context before executing commit operations.

Background

From PR co-mingling retrospective (PR #669): Agents made commits without branch awareness, leading to cross-PR contamination. This hook provides runtime verification during agent execution.

Specification

Category: Agent automation protection
Integration: Claude Code PreToolUse hook

Verification Logic

Before any git commit or git push command:

1. Check current branch: git branch --show-current
2. Compare with session context (from session log JSON branch field)
3. Block on mismatch with actionable remediation paths
4. Fail open on missing context (no session log, no branch field)

Example Flow

Agent: git commit -m "fix: update..."
Hook: [BLOCKED] Current branch 'feat/other-pr' does not match session context 'feat/current-pr'
Hook: Remediation options:
  1. Switch to expected branch: git checkout feat/current-pr
  2. Update session log to match current branch
  3. Start a new session for current branch

Architecture Constraint

Claude Code PreToolUse hooks are non-interactive subprocesses. Stdin carries a JSON payload from Claude Code. The hook cannot prompt for user input. Exit codes are the only communication channel:

• Exit 0: allow the command
• Exit 2: block the command (with message shown to agent)

The hook provides just-in-time documentation through its block message, giving the agent actionable remediation paths at the moment of failure.

Testing

• Simulate commit on wrong branch (should block)
• Test with session context variable set
• Test remediation paths provided in block message
• Verify no false positives on correct branch
• Verify fail-open on missing session context

Related

• PR docs(retrospective): PR co-mingling root cause analysis #669: Root cause analysis
• Issue feat(git-hooks): add pre-commit branch validation hook #681: Pre-commit hook (static validation)
• PR feat(hooks): add branch context verification hook #1208: Implementation

Acceptance Criteria

• Hook intercepts git commit/push commands
• Hook verifies branch against session context
• Hook blocks on mismatch and provides remediation paths in block message
• Agent can resolve by switching branch, updating session, or starting new session
• Hook output serves as just-in-time documentation with actionable remediation steps

Notes

This complements #681 (pre-commit hook) by adding runtime verification during agent execution. The pre-commit hook catches errors at commit time; this hook catches them before the agent even attempts the commit.

[coderabbitai]

⚠️ Possible Duplicate Issue(s)

• feat(hooks): Claude Code hook to intercept git commands and verify branch #680

🔗 Related PRs

#696 - docs(protocol): add mandatory branch verification gates [merged]
#853 - docs: Document exit code 2 bypass failure and establish Claude hooks enforcement [merged]
#1094 - feat: add pre-push git hook for comprehensive branch validation [merged]
#1219 - feat(gate): add retrospective enforcement gate to ADR-033 [merged]
#1245 - feat(hooks): add scope explosion detector to pre-commit hook [merged]

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!

[github-actions]

Product Requirements Document

Important

This PRD was automatically generated based on issue triage escalation.
Complexity Score: 6/12 (Standard)
Escalation Criteria: feature_request,research_required,multi_phase_work,architectural_impact

About this PRD

This PRD was generated by the Explainer Agent after the issue was flagged
for detailed analysis. The document is designed to be self-contained - it can
be passed to a separate AI agent instance for implementation without additional
context.

PRD Depth Levels:

• Standard (4-6): Brief analysis, clear requirements
• Detailed (7-9): Research section, blocking questions
• Comprehensive (10-12): Phased implementation, risk analysis

---

Now I have sufficient context. Let me create the comprehensive PRD for this GitHub issue.

The directory doesn't allow file creation. Let me output the PRD directly:

---

PRD: Git Command Verification Hook for Claude Code

Executive Summary

Claude Code agents commit to wrong branches during multi-PR sessions, causing cross-PR contamination. This PRD specifies a pre-command hook that verifies branch context before git commit or git push operations. The hook compares the current branch against session context (from session logs or environment variables) and prompts for confirmation on mismatch.

Scope	Status	Blocker
Branch verification before commit	🟢 READY	None
Session context retrieval	🟡 PARTIAL	Claude Code hook mechanism not documented
Override confirmation flow	🟢 READY	None
Documentation update	🟢 READY	None

Verdict: READY with discovery needed for Claude Code hook integration.

---

Problem Statement

Current State

Component	Current Behavior
Session logs	Store branch context in YAML front matter and Git State section
Pre-commit hooks	Validate markdown, PowerShell, session protocol; no branch verification
Agent instructions	Document branch verification as SHOULD requirement, not enforced
Environment	No SESSION_BRANCH variable set during agent sessions

Gap Analysis

Gap	Impact	Priority
No runtime branch verification	Agents commit to wrong branch mid-session	P1
Session context not programmatically accessible	Cannot automate branch checks	P1
Verification is trust-based, not enforcement-based	100% reliance on agent discipline	P1
Pre-commit hook runs after agent attempts commit	Late detection, wasted effort	P2

User Impact

Who is affected: All AI agents (Claude Code, Copilot CLI) operating on multi-branch workflows.

How: Agents switch mental context between PRs but forget to switch git branches. Commits land on wrong branches, requiring manual cherry-pick or revert, force push cleanup, and re-review of contaminated PRs.

Evidence: PR #669 retrospective documented cross-PR contamination from agent branch confusion. The PR #226 premature merge failure retrospective (2025-12-22) shows agents bypassing safety protocols under autonomy.

---

Research Findings

Primary Sources

Claude Code Hooks (CONFIRMED): Claude Code supports lifecycle hooks via .claude/commands/ directory. Custom commands can be defined as markdown files.

Pre-Commit Hook Infrastructure (CONFIRMED): The repository has a mature pre-commit hook at .githooks/pre-commit (900 lines) with markdown linting, PSScriptAnalyzer validation, session protocol validation, and more.

Session Protocol (CONFIRMED): Session logs store branch context in structured format. Environment variable SESSION_BRANCH is proposed but not currently implemented.

ADR-005: PowerShell-Only Scripting (CONFIRMED): All scripts must be PowerShell. Pre-commit hook enforces this.

Confidence Level: HIGH

---

Proposed Solution

Phase 1: Environment-Based Verification (READY)

Effort: S (2-4 hours)

Task	Description
1.1	Create scripts/Invoke-BranchVerification.ps1 with verification logic
1.2	Create Pester tests scripts/tests/Invoke-BranchVerification.Tests.ps1
1.3	Add SESSION_BRANCH initialization to session start protocol
1.4	Update .agents/SESSION-PROTOCOL.md with environment variable requirement

Phase 2: Git Alias Integration (READY)

Effort: S (1-2 hours)

Task	Description
2.1	Create safe-commit git alias that wraps verification + commit
2.2	Create safe-push git alias that wraps verification + push
2.3	Document alias installation in agent instructions

Phase 3: Pre-Commit Hook Integration (READY)

Effort: S (1-2 hours)

Task	Description
3.1	Add branch verification section to .githooks/pre-commit
3.2	Check SESSION_BRANCH environment variable if set
3.3	Block commit on mismatch with clear error message

Phase 4: Session Context Retrieval (PARTIAL)

Effort: M (4-6 hours)

Task	Description
4.1	Create Get-SessionBranch.ps1 to parse session log for branch context
4.2	Implement fallback chain: $env:SESSION_BRANCH > session log > prompt
4.3	Create Pester tests for session log parsing

---

Functional Requirements

FR-1: Branch Verification Logic (P0)

ID	Requirement	Acceptance Criteria
FR-1.1	System MUST retrieve current branch using git branch --show-current	Returns branch name or empty for detached HEAD
FR-1.2	System MUST compare current branch against expected branch (case-insensitive)	main equals MAIN
FR-1.3	System MUST block commit/push when branches do not match	Exit code non-zero
FR-1.4	System MUST allow explicit override with confirmation	User types y to proceed
FR-1.5	System MUST log override decisions to stderr	Warning includes branch names

FR-2: Session Context Sources (P0)

ID	Requirement	Acceptance Criteria
FR-2.1	System MUST check $env:SESSION_BRANCH first	Environment variable takes precedence
FR-2.2	System SHOULD parse session log for branch if env var not set	Look for **Branch**: pattern
FR-2.3	System MUST NOT block if no session context available	Warn only

FR-3: Integration Points (P1)

ID	Requirement	Acceptance Criteria
FR-3.1	Verification script MUST be PowerShell (.ps1)	ADR-005 compliance
FR-3.2	Script MUST have Pester tests with 80% coverage	Tests in scripts/tests/
FR-3.3	Verification MUST complete within 2 seconds	No noticeable delay

---

Technical Design

scripts/Invoke-BranchVerification.ps1

[CmdletBinding()]
param(
    [string]$ExpectedBranch,
    [string]$SessionLogPath,
    [switch]$Force,
    [switch]$CI
)

$currentBranch = git branch --show-current 2>$null
if (-not $currentBranch) {
    Write-Warning "Not on a branch (detached HEAD or not a git repo)"
    if ($CI) { exit 1 }
    return $false
}

if (-not $ExpectedBranch) {
    if ($env:SESSION_BRANCH) {
        $ExpectedBranch = $env:SESSION_BRANCH
    }
    elseif ($SessionLogPath -and (Test-Path $SessionLogPath)) {
        $content = Get-Content $SessionLogPath -Raw
        if ($content -match '\*\*Branch\*\*:\s*`?([^\s`]+)') {
            $ExpectedBranch = $Matches[1]
        }
    }
}

if (-not $ExpectedBranch) {
    Write-Warning "No session branch context found. Set `$env:SESSION_BRANCH."
    return $true
}

if ($currentBranch -ieq $ExpectedBranch) {
    Write-Host "Branch verification: PASS ($currentBranch)" -ForegroundColor Green
    return $true
}

Write-Host "[WARNING] Branch mismatch!" -ForegroundColor Red
Write-Host "  Current:  $currentBranch" -ForegroundColor Yellow
Write-Host "  Expected: $ExpectedBranch" -ForegroundColor Yellow

if ($CI -or $Force) {
    Write-Host "[BLOCKED] Switch to: git checkout $ExpectedBranch" -ForegroundColor Red
    exit 1
}

Write-Host "Continue anyway? (y/N): " -NoNewline
$response = Read-Host
if ($response -ieq 'y') {
    Write-Warning "Override confirmed on branch: $currentBranch"
    return $true
}

exit 1

Pre-Commit Hook Addition (Non-Blocking Warning)

if [ -n "${SESSION_BRANCH:-}" ]; then
    CURRENT_BRANCH=$(git branch --show-current)
    if [ "$CURRENT_BRANCH" != "$SESSION_BRANCH" ]; then
        echo_warning "Branch mismatch: current='$CURRENT_BRANCH', expected='$SESSION_BRANCH'"
    else
        echo_success "Branch context verified: $CURRENT_BRANCH"
    fi
fi

---

Risks and Mitigations

Risk	Likelihood	Impact	Mitigation
False positives block legitimate commits	Medium	High	Start as warning-only
SESSION_BRANCH not set by agents	High	Medium	Document in session protocol
Detached HEAD state causes failures	Low	Medium	Handle gracefully with warning

---

Success Metrics

Metric	Target
Branch mismatch detection rate	100% when SESSION_BRANCH set
False positive rate	0%
Cross-PR contamination after deployment	0 incidents

---

Related References

• PR docs(retrospective): PR co-mingling root cause analysis #669: Root cause analysis - branch contamination
• Issue feat(git-hooks): add pre-commit branch validation hook #681: Related pre-commit hook (static validation)
• .agents/retrospective/2025-12-22-pr-226-premature-merge-failure.md: Agent protocol bypass under autonomy
• ADR-005: PowerShell-only scripting constraint
• .githooks/pre-commit: Existing hook infrastructure
• .agents/SESSION-PROTOCOL.md: Session protocol documentation

---

_{Generated by AI PRD Generation | View Workflow}

[github-actions]

AI Triage Summary

Note

This issue has been automatically triaged by AI agents

What is AI Triage?

This issue was analyzed by AI agents:

• Analyst Agent: Categorizes the issue and suggests appropriate labels
• Roadmap Agent: Aligns the issue with project milestones and priorities
• Explainer Agent (if escalated): Generates comprehensive PRD

Triage Results

Property	Value
Category	enhancement
Labels	["enhancement","agent-devops","area-workflows"]
Priority	P1
Milestone	v1.1
PRD Escalation	Generated (see below)

Categorization Analysis

```json
{
  "labels": ["enhancement", "agent-devops", "area-workflows"],
  "category": "enhancement",
  "confidence": 0.92,
  "reasoning": "Issue requests a new git command verification hook feature for Claude Code to prevent cross-PR contamination during agent execution"
}

</details>

<details>
<summary>Roadmap Alignment</summary>

```json
Based on roadmap analysis:

**Issue Assessment:**

- **Type**: Feature request (Claude Code pre-command hook for branch verification)
- **Domain**: Agent automation protection/workflow safety
- **Relation**: Addresses PR #669 retrospective findings about cross-PR contamination
- **Related Issue**: #681 (pre-commit hook - static validation)

**Epic Alignment**: This aligns with agent workflow protection, which is a foundational concern for the multi-agent system but not explicitly covered by current epics.

**Escalation Analysis:**

- Feature request: YES (new functionality)
- Research required: YES (multiple implementation approaches, needs investigation)
- Multi-phase: YES (implementation + testing + documentation)
- Architectural impact: YES (affects all agent git operations)

**Complexity Score:**

- Scope: 2 (multiple files - hooks, scripts, documentation)
- Dependencies: 1 (internal only - Session Protocol, git hooks)
- Uncertainty: 2 (three implementation options, needs validation)
- Stakeholders: 1 (internal agent users)
- **Total: 6**

```json
{
  "milestone": "v1.1",
  "priority": "P1",
  "epic_alignment": "",
  "confidence": 0.70,
  "reasoning": "High-impact agent workflow safety feature addressing documented PR contamination issue from retrospective; aligns with v1.1 maintainability theme but no existing epic covers agent git operations",
  "escalate_to_prd": true,
  "escalation_criteria": ["feature_request", "research_required", "multi_phase_work", "architectural_impact"],
  "complexity_score": 6
}

</details>

---

<sub>Powered by [AI Issue Triage](https://github.com/rjmurillo/ai-agents) workflow</sub>