git-commit-push-guard
Block force-pushes to protected branches, hook-skipping commits, and unsafe history rewrites across the fleet.
hook
PreToolUse
multi-harness
mode: enforce
config/hook-registry.json (entry) wagents/hooks/policies/git_commit_push_guard.py (decision)
Block force-pushes to protected branches, hook-skipping commits, and unsafe history rewrites across the fleet.
Registry Entry
Section titled “Registry Entry”| Field | Value |
|---|---|
| id | git-commit-push-guard |
| status_message | Checking git commit/push safety |
| mode | enforce |
| logical_event | PreToolUse |
| matcher | Bash|bash|run_shell_command|shell|terminal |
| command | python3 {repo_root}/hooks/wagents-hook.py git-commit-push-guard --harness {harness} |
| timeout | 5 |
| harnesses | ["codex", "claude-code", "cursor", "github-copilot", "gemini-cli"] |
Full hook config + policy reference
{ "id": "git-commit-push-guard", "description": "Block force-pushes to protected branches, hook-skipping commits, and unsafe history rewrites across the fleet.", "status_message": "Checking git commit/push safety", "mode": "enforce", "logical_event": "PreToolUse", "matcher": "Bash|bash|run_shell_command|shell|terminal", "command": "python3 {repo_root}/hooks/wagents-hook.py git-commit-push-guard --harness {harness}", "timeout": 5, "harnesses": [ "codex", "claude-code", "cursor", "github-copilot", "gemini-cli" ]}def evaluate_git_commit_push(command: str) -> str | None: """Return a deny reason for unsafe git commit/push commands, else None.""" # Force push (--force / -f / --force-with-lease bypass) to protected # branches, history rewrites, and --no-verify / --no-gpg-sign commits. ...Command: python3 .../wagents-hook.py git-commit-push-guard --harness <name>
Resources
Section titled “Resources”Hooks HubAll repo-managed lifecycle hooks.
wagents hooksInspect and validate hooks via CLI.
