174eb40da9
Guard now runs synchronously before tokio runtime initialization: - Added maybe_handle_guard_sync() pre-main check - Added run_guard_sync() with full guard logic - Added is_in_allowlist_sync() and is_source_code_path_sync() - main() now checks for guard before calling tokio_main() This eliminates tokio overhead for guard invocations and provides correct architecture (pre-init gates don't depend on post-init infra). Note: PATH-based command lookup still hangs in Claude Code's hook environment - this is a Claude Code issue, not Blue. The hook still requires full binary path as workaround. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
14 lines
527 B
Bash
Executable file
14 lines
527 B
Bash
Executable file
#!/bin/bash
|
|
# PreToolUse hook for Write/Edit/MultiEdit - enforces RFC 0038 worktree protection
|
|
|
|
# Extract file_path directly with jq (recommended pattern - avoids cat hanging)
|
|
FILE_PATH=$(jq -r '.tool_input.file_path // empty')
|
|
|
|
# If no file_path, allow (shouldn't happen for Write/Edit)
|
|
if [ -z "$FILE_PATH" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Call blue guard with the extracted path
|
|
# Note: Full path required - PATH lookup hangs in Claude Code hook environment
|
|
/Users/ericg/letemcook/blue/target/release/blue guard --path="$FILE_PATH"
|