Guard now runs synchronously before tokio runtime initialization:
- Added maybe_handle_guard_sync() pre-main check
- Added run_guard_sync() with full guard logic
- Added is_in_allowlist_sync() and is_source_code_path_sync()
- main() now checks for guard before calling tokio_main()
This eliminates tokio overhead for guard invocations and provides
correct architecture (pre-init gates don't depend on post-init infra).
Note: PATH-based command lookup still hangs in Claude Code's hook
environment - this is a Claude Code issue, not Blue. The hook still
requires full binary path as workaround.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The original hook syntax `blue guard --path="$TOOL_INPUT:file_path"`
didn't work - Claude Code doesn't support that variable interpolation.
Created guard-write.sh that:
- Reads JSON from stdin using jq (Claude Code's recommended pattern)
- Extracts file_path from tool_input
- Calls blue guard with full path to target/release binary
- Closes stdin with </dev/null to prevent hanging
The full binary path is a workaround for an issue where PATH-based
command lookup hangs in Claude Code's hook subprocess environment.
A proper fix (making guard synchronous before tokio::main) is tracked
in RFC 0049.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
