learned-git-worktree-hook-path-and-real-hook-shape-review
Catch hook-installation and governance bugs that only appear in linked git worktrees or against the real generated hook shape, not simplified test fixtures.
Best use case
learned-git-worktree-hook-path-and-real-hook-shape-review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Catch hook-installation and governance bugs that only appear in linked git worktrees or against the real generated hook shape, not simplified test fixtures.
Teams using learned-git-worktree-hook-path-and-real-hook-shape-review should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/learned-git-worktree-hook-path-and-real-hook-shape-review/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How learned-git-worktree-hook-path-and-real-hook-shape-review Compares
| Feature / Agent | learned-git-worktree-hook-path-and-real-hook-shape-review | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Catch hook-installation and governance bugs that only appear in linked git worktrees or against the real generated hook shape, not simplified test fixtures.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Git worktree hook path + real hook shape review
Use when:
- A repo uses linked git worktrees
- Hook installers write to `.git/hooks/...`
- Tests use simplified hook fixtures
- A change appears correct in unit tests but may fail against the actual installed hook
- Reviewing governance/enforcement hook chains in workspace-hub-style repos
## Core lesson
Two classes of bugs were caught only by adversarial review:
1. Worktree hook path bugs: `git rev-parse --git-dir` points to `.git/worktrees/<name>` in linked worktrees, but shared hooks live under `git-common-dir/hooks`.
2. Real-hook-shape bugs: installer regex/patch logic matched synthetic fixtures but failed against the actual indented early-exit structure in the shipped hook.
## Review checklist
1. Verify actual git topology
- Run:
- `git rev-parse --git-dir`
- `git rev-parse --git-common-dir`
- `git rev-parse --git-path hooks`
- If the repo is a linked worktree, never assume `REPO_ROOT/.git/hooks` is valid.
2. Audit hook config trust boundaries
- Do not source a repo-tracked file from a path that is itself writable before approval.
- Prefer trusted runtime config from the resolved hooks dir, inherited env, or other non-workspace-local source.
- Specifically check whether a “safe path” can be edited first to disable later enforcement.
- If a repo-tracked template (for example `scripts/enforcement/enforcement-env.sh`) is also on an allowlist/safe path, treating it as runtime authority creates a trivial self-bypass. Use the installed local hooks copy as authority, not the workspace template.
3. Test against the real installed hook shape
- Do not rely only on synthetic fixtures.
- Seed at least one test from the actual current hook text or an equivalent fixture that preserves:
- indentation
- early exits
- stdin buffering
- real variable names / flow
- For pre-push hooks, include the real “no tier-1 repo changes” early-exit path if it exists.
4. Check reachability before every exit path
- Search the live hook for every `exit`.
- Confirm installer-injected logic runs before all relevant exits, not just the final exit.
- If a hook buffers stdin/OIDs early, insert governance checks after buffering but before repo-selection early returns.
5. Add negative tests for false confidence
- Worktree topology test: linked worktree must resolve/install/read trusted hooks correctly.
- Safe-path bypass test: unapproved workspace-local config must not disable enforcement.
- Real-shape test: indented early-exit blocks must still be detected and guarded.
## Implementation patterns
### Worktree-safe hook resolution
Prefer:
- `git rev-parse --git-path hooks` when you need the resolved active hooks directory
- `git rev-parse --git-common-dir` when constructing shared-hook paths in linked worktrees
- `git rev-parse --git-dir` only as a fallback, not the primary source of hook paths
Avoid hardcoding:
- `REPO_ROOT/.git/hooks/...`
- `$(git rev-parse --git-dir)/hooks/...` without checking worktrees
Additional lesson:
- Installer scripts must be worktree-safe too, not just runtime hooks. A hook can correctly read trusted config from the common hooks dir while the installer still fails because it writes to `REPO_ROOT/.git/hooks/...` from a linked worktree where `.git` is a file.
- Add at least one regression test that runs the installer from a linked worktree and verifies it updates the shared hooks dir successfully.
### Installer patching pattern
When modifying an existing hook:
1. Identify where stdin/ref buffering happens
2. Insert governance blocks after buffering
3. Insert them before any early exit that would skip intended enforcement
4. Use explicit managed block markers for idempotent replacement
5. Re-test against both synthetic and real-hook-shaped fixtures
## Red flags
- Tests pass, but only with simplified fixtures
- Hook reads a repo-local config file from an allowlisted path
- Installer uses regexes assuming no indentation
- Hook installer writes to `.git/hooks` directly in a worktree-based workflow
- Docs say “verified” while only synthetic tests exist
## Minimal verification commands
- `git rev-parse --git-dir && git rev-parse --git-common-dir && git rev-parse --git-path hooks`
- `uv run pytest <targeted-hook-tests> -q`
- Temp linked-worktree repro proving install/read behavior works end-to-end
- Manual simulation using the actual current hook content where practical
## When to stop
Do not approve if any of these remain true:
- Trusted hook config is unreadable from linked worktrees
- Governance chain is still bypassed by a real early-exit path
- A workspace-local editable file can disable enforcement before approval
- Only synthetic fixtures cover the changed installer pathRelated Skills
llm-wiki-page-shape-contract
Enforce the page-shape contract when a repo-side document or analysis output gets converted into an llm-wiki page. Use when (1) running `scripts/knowledge/llm_wiki.py ingest`, (2) writing or rewriting a wiki page from docs/reports/*, docs/handoffs/*, scripts/review/results/*, or calc citation outputs, (3) deciding whether a page should be split into a folder of sub-pages, (4) reviewing wiki PRs for length / diagram / divide-and-conquer compliance. Codifies the Karpathy + Astro-Han + lewislulu page rules applied to workspace-hub's domain-wiki layout under /mnt/local-analysis/llm-wiki/wikis/<domain>/. Sibling to research/llm-wiki (which owns the CLI ops) — this skill is the quality gate every converted page must clear before commit.
digitalmodel-worktree-test-execution-with-shared-venv
Run digitalmodel tests from isolated worktrees without uv editable-dependency failures by using the main repo's existing virtualenv and PYTHONPATH.
blender-worktree-test-hardening
Recover and harden digitalmodel Blender automation work in isolated worktrees when uv/editable dependency paths break and local machines lack a Blender executable.
worktree-pre-push-bypass-for-tier1-checks
Handle workspace-hub integration-branch pushes from isolated git worktrees when the pre-push hook incorrectly assumes sibling tier-1 repos exist under the worktree path.
worktree-branch-sync-hygiene
Class-level branch, worktree, dirty-main, stash, sync, and hook hygiene for workspace-hub style multi-repo work.
test-driven-hook-debugging
Debugging and fixing shell hooks by writing isolated test suites first, then using test failures to pinpoint logic bugs
python-import-path-mismatch-debugging
Diagnose and fix ModuleNotFoundError when a package is installed but imports still fail due to environment/path mismatches
python-import-path-debugging
Diagnose ModuleNotFoundError when a package is installed but still fails to import
git-worktree-cleanup-at-scale
Identify and remove stale git worktrees blocking branch deletion in multi-repo environments
git-worktree-cleanup-and-branch-reconciliation
Systematic process for cleaning up stale git worktrees, resolving merge conflicts in diverged branches, and reconciling branch state across multiple repositories.
git-worktree-cleanup-and-branch-hygiene
Systematic approach to cleaning up stale git worktrees, orphan branches, and branch hygiene at scale across multiple repos
exclude-wiki-Codex-md-from-harness-line-limit-hook
Fix false-positive pre-commit failures where workspace-hub's AGENTS.md line-limit hook blocks edits to auto-generated wiki schema files under knowledge/wikis/.