From 21dc822d4c2761a3a11b7853974285779e977603 Mon Sep 17 00:00:00 2001 From: Eric Garcia Date: Sun, 1 Feb 2026 17:32:40 -0500 Subject: [PATCH] fix: guard hook uses shell script with full binary path The original hook syntax `blue guard --path="$TOOL_INPUT:file_path"` didn't work - Claude Code doesn't support that variable interpolation. Created guard-write.sh that: - Reads JSON from stdin using jq (Claude Code's recommended pattern) - Extracts file_path from tool_input - Calls blue guard with full path to target/release binary - Closes stdin with --- .claude/hooks/guard-write.sh | 14 ++++++++++++++ .claude/settings.json | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100755 .claude/hooks/guard-write.sh diff --git a/.claude/hooks/guard-write.sh b/.claude/hooks/guard-write.sh new file mode 100755 index 0000000..40af5e9 --- /dev/null +++ b/.claude/hooks/guard-write.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# PreToolUse hook for Write/Edit/MultiEdit - enforces RFC 0038 worktree protection + +# Extract file_path directly with jq (recommended pattern - avoids cat hanging) +FILE_PATH=$(jq -r '.tool_input.file_path // empty') + +# If no file_path, allow (shouldn't happen for Write/Edit) +if [ -z "$FILE_PATH" ]; then + exit 0 +fi + +# Call blue guard with the extracted path +# Use full path to target/release binary and close stdin +/Users/ericg/letemcook/blue/target/release/blue guard --path="$FILE_PATH"