Git Branch Protection

{
  "hookConfig": {
    "hooks": {
      "preToolUse": {
        "script": "./.claude/hooks/git-branch-protection.sh",
        "matchers": [
          "edit",
          "write",
          "multiEdit"
        ]
      }
    }
  },
  "scriptContent": "#!/usr/bin/env bash\n\n# Read the tool input from stdin\nINPUT=$(cat)\nTOOL_NAME=$(echo \"$INPUT\" | jq -r '.tool_name')\nFILE_PATH=$(echo \"$INPUT\" | jq -r '.tool_input.file_path // .tool_input.path // \"\"')\n\n# Check if we're in a git repository\nif ! git rev-parse --git-dir > /dev/null 2>&1; then\n  # Not in a git repo, allow the operation\n  exit 0\nfi\n\n# Get current branch\nCURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)\n\nif [ -z \"$CURRENT_BRANCH\" ]; then\n  # Can't determine branch, allow operation with warning\n  echo \"⚠️ Warning: Unable to determine current Git branch\" >&2\n  exit 0\nfi\n\necho \"🔍 Checking branch protection for: $CURRENT_BRANCH\" >&2\n\n# Define protected branches (can be customized via environment variables)\nPROTECTED_BRANCHES=()\n\n# Default protected branches\nDEFAULT_PROTECTED=(\"main\" \"master\" \"production\" \"prod\" \"release\" \"staging\" \"develop\")\n\n# Add custom protected branches from environment variable\nif [ -n \"$PROTECTED_BRANCHES_LIST\" ]; then\n  IFS=',' read -ra CUSTOM_PROTECTED <<< \"$PROTECTED_BRANCHES_LIST\"\n  PROTECTED_BRANCHES+=(\"${CUSTOM_PROTECTED[@]}\")\nelse\n  PROTECTED_BRANCHES+=(\"${DEFAULT_PROTECTED[@]}\")\nfi\n\n# Check if current branch is protected\nIS_PROTECTED=false\nfor protected_branch in \"${PROTECTED_BRANCHES[@]}\"; do\n  if [[ \"$CURRENT_BRANCH\" == \"$protected_branch\" ]]; then\n    IS_PROTECTED=true\n    break\n  fi\ndone\n\n# Check for pattern-based protection (e.g., release/* branches)\nPROTECTED_PATTERNS=(\"release/*\" \"hotfix/*\" \"support/*\")\nif [ -n \"$PROTECTED_PATTERNS_LIST\" ]; then\n  IFS=',' read -ra CUSTOM_PATTERNS <<< \"$PROTECTED_PATTERNS_LIST\"\n  PROTECTED_PATTERNS+=(\"${CUSTOM_PATTERNS[@]}\")\nfi\n\nfor pattern in \"${PROTECTED_PATTERNS[@]}\"; do\n  if [[ \"$CURRENT_BRANCH\" == $pattern ]]; then\n    IS_PROTECTED=true\n    break\n  fi\ndone\n\n# Allow override in emergency situations\nif [ \"$FORCE_ALLOW_PROTECTED_EDIT\" = \"true\" ]; then\n  echo \"⚠️ EMERGENCY OVERRIDE: Allowing edit on protected branch $CURRENT_BRANCH\" >&2\n  echo \"💡 Remove FORCE_ALLOW_PROTECTED_EDIT=true when done\" >&2\n  exit 0\nfi\n\n# If branch is protected, prevent the operation\nif [ \"$IS_PROTECTED\" = true ]; then\n  echo \"\" >&2\n  echo \"🚫 BRANCH PROTECTION VIOLATION\" >&2\n  echo \"=====================================\" >&2\n  echo \"❌ Direct edits to '$CURRENT_BRANCH' branch are not allowed\" >&2\n  echo \"\" >&2\n  echo \"🔒 Protected branches: ${PROTECTED_BRANCHES[*]}\" >&2\n  echo \"🔒 Protected patterns: ${PROTECTED_PATTERNS[*]}\" >&2\n  echo \"\" >&2\n  echo \"✅ Recommended workflow:\" >&2\n  echo \"   1. Create a feature branch:\" >&2\n  echo \"      git checkout -b feature/your-feature-name\" >&2\n  echo \"\" >&2\n  echo \"   2. Make your changes on the feature branch\" >&2\n  echo \"\" >&2\n  echo \"   3. Push and create a Pull Request:\" >&2\n  echo \"      git push -u origin feature/your-feature-name\" >&2\n  echo \"\" >&2\n  \n  # Suggest specific branch names based on the file being edited\n  if [ -n \"$FILE_PATH\" ]; then\n    BASE_NAME=$(basename \"$FILE_PATH\" | cut -d. -f1)\n    SUGGESTED_BRANCH=\"feature/update-${BASE_NAME}\"\n    echo \"💡 Suggested branch name: $SUGGESTED_BRANCH\" >&2\n    echo \"   Quick command: git checkout -b $SUGGESTED_BRANCH\" >&2\n    echo \"\" >&2\n  fi\n  \n  # Show current branch status\n  echo \"📊 Current repository status:\" >&2\n  echo \"   Current branch: $CURRENT_BRANCH\" >&2\n  \n  # Show available branches\n  AVAILABLE_BRANCHES=$(git branch | grep -v \"\\*\" | head -5 | xargs)\n  if [ -n \"$AVAILABLE_BRANCHES\" ]; then\n    echo \"   Available branches: $AVAILABLE_BRANCHES\" >&2\n  fi\n  \n  # Check if there are uncommitted changes\n  if [ -n \"$(git status --porcelain 2>/dev/null)\" ]; then\n    echo \"   ⚠️ You have uncommitted changes\" >&2\n    echo \"   💡 Consider: git stash (to save changes temporarily)\" >&2\n  fi\n  \n  echo \"\" >&2\n  echo \"🆘 Emergency override (use with caution):\" >&2\n  echo \"   FORCE_ALLOW_PROTECTED_EDIT=true [your command]\" >&2\n  echo \"\" >&2\n  echo \"📚 Branch protection helps maintain:\" >&2\n  echo \"   • Code quality through peer review\" >&2\n  echo \"   • Stable main/master branches\" >&2\n  echo \"   • Proper CI/CD pipeline execution\" >&2\n  echo \"   • Team collaboration standards\" >&2\n  echo \"\" >&2\n  \n  # Exit with error to prevent the tool from running\n  exit 1\nfi\n\n# Branch is not protected, show informational message\necho \"✅ Branch '$CURRENT_BRANCH' is not protected - operation allowed\" >&2\n\n# Show branch protection tips for unprotected branches\nif [[ \"$CURRENT_BRANCH\" == feature/* ]] || [[ \"$CURRENT_BRANCH\" == bugfix/* ]] || [[ \"$CURRENT_BRANCH\" == hotfix/* ]]; then\n  echo \"💡 Working on feature branch - remember to create a PR when ready\" >&2\nfi\n\n# Check if branch is ahead/behind remote\nif git rev-parse --verify \"origin/$CURRENT_BRANCH\" > /dev/null 2>&1; then\n  AHEAD=$(git rev-list --count \"origin/$CURRENT_BRANCH\"..HEAD 2>/dev/null || echo \"0\")\n  BEHIND=$(git rev-list --count HEAD..\"origin/$CURRENT_BRANCH\" 2>/dev/null || echo \"0\")\n  \n  if [ \"$AHEAD\" -gt 0 ]; then\n    echo \"📤 Branch is $AHEAD commits ahead of origin\" >&2\n  fi\n  \n  if [ \"$BEHIND\" -gt 0 ]; then\n    echo \"📥 Branch is $BEHIND commits behind origin - consider pulling\" >&2\n  fi\nfi\n\n# All checks passed, allow the operation\nexit 0"
}