feat: Add block-no-verify to prevent AI agents from bypassing git hooks

[tupe12334]

Summary

Add the block-no-verify package to prevent AI coding assistants from bypassing git hooks using the --no-verify flag.

Problem

This codebase uses Husky with lint-staged to enforce code quality:

• stop-only checks on test files
• biome check --write on TypeScript/JavaScript/JSON files

AI coding assistants (Claude Code, Cursor, Gemini CLI) can bypass these checks by running git commit --no-verify, which defeats the purpose of the pre-commit hooks.

Proposed Solution

Integrate block-no-verify (v1.1.1) which:

• Monitors git commands (commit, push, merge, cherry-pick, rebase, am)
• Blocks execution when --no-verify or -n flag is detected
• Supports configuration for Claude Code, Cursor, and Gemini CLI

Configuration Required

1. For Claude Code - Create .claude/settings.json:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "pnpm dlx block-no-verify"
          }
        ]
      }
    ]
  }
}

2. For Cursor - Create/update .cursor/hooks.json:

{
  "beforeShellExecution": {
    "command": "pnpm dlx block-no-verify"
  }
}

Benefits

• Enforces code quality checks even when using AI assistants
• MIT licensed, lightweight dependency
• No changes needed to existing Husky/lint-staged setup
• Maintains consistency with the existing .cursor/ configuration approach

References

• Package: https://www.npmjs.com/package/block-no-verify
• Repository: https://github.com/tupe12334/block-no-verify

[linear]

NV-7032