Feat (Phase 3): Implement Git hook integration and pre-commit framework support

.pre-commit-hooks.yaml

@@ -0,0 +1,5 @@
+- id: commitguard
+  name: CommitGuard vulnerability scan
+  entry: commitguard scan --staged --format text --fail-on-vulnerable
+  language: python
+  types: [python, c, cpp]

commitguard_env/cli.py

@@ -67,6 +67,19 @@ def cmd_eval(args):
     subprocess.run(cmd, check=True)
 
 
+def cmd_hook(args):
+    from .hooks import install_hook
+    
+    if args.action == "install":
+        if args.pre_commit:
+            install_hook("pre-commit")
+        elif args.pre_push:
+            install_hook("pre-push")
+        else:
+            print("Please specify a hook type to install (e.g., --pre-commit or --pre-push)")
+            sys.exit(1)
+
+
 def main():
     parser = argparse.ArgumentParser(description="CommitGuard AI-paced security review")
     subparsers = parser.add_subparsers(dest="command", required=True)
@@ -94,6 +107,12 @@ def main():
     eval_parser = subparsers.add_parser("eval", help="Run the evaluation harness")
     eval_parser.add_argument("eval_args", nargs=argparse.REMAINDER, help="Arguments passed to evaluate.py")
 
+    # 'hook' subcommand
+    hook_parser = subparsers.add_parser("hook", help="Manage git hooks")
+    hook_parser.add_argument("action", choices=["install"], help="Action to perform (e.g., install)")
+    hook_parser.add_argument("--pre-commit", action="store_true", help="Install pre-commit hook")
+    hook_parser.add_argument("--pre-push", action="store_true", help="Install pre-push hook")
+
     args = parser.parse_args()
 
     if args.command == "scan":
@@ -102,6 +121,8 @@ def main():
         cmd_server(args)
     elif args.command == "eval":
         cmd_eval(args)
+    elif args.command == "hook":
+        cmd_hook(args)
 
 if __name__ == "__main__":
     main()

commitguard_env/hooks.py

@@ -0,0 +1,50 @@
+import os
+import stat
+import sys
+from pathlib import Path
+
+PRE_COMMIT_SCRIPT = """#!/bin/sh
+# CommitGuard pre-commit hook
+echo "Running CommitGuard scan on staged changes..."
+commitguard scan --staged --format text --fail-on-vulnerable
+if [ $? -ne 0 ]; then
+    echo "CommitGuard found vulnerabilities! Commit aborted."
+    exit 1
+fi
+"""
+
+PRE_PUSH_SCRIPT = """#!/bin/sh
+# CommitGuard pre-push hook
+echo "Running CommitGuard scan on commits to be pushed..."
+while read local_ref local_sha remote_ref remote_sha
+do
+    if [ "$local_sha" != "0000000000000000000000000000000000000000" ]; then
+        commitguard scan --commit $local_sha --format text --fail-on-vulnerable
+        if [ $? -ne 0 ]; then
+            echo "CommitGuard found vulnerabilities in $local_sha! Push aborted."
+            exit 1
+        fi
+    fi
+done
+"""
+
+def install_hook(hook_type: str):
+    git_dir = Path(".git")
+    if not git_dir.exists() or not git_dir.is_dir():
+        print("Error: .git directory not found. Please run this command from the root of a git repository.")
+        sys.exit(1)
+
+    hooks_dir = git_dir / "hooks"
+    hooks_dir.mkdir(exist_ok=True)
+
+    hook_path = hooks_dir / hook_type
+    script_content = PRE_COMMIT_SCRIPT if hook_type == "pre-commit" else PRE_PUSH_SCRIPT
+
+    with open(hook_path, "w", encoding="utf-8") as f:
+        f.write(script_content)
+
+    # Make it executable
+    st = os.stat(hook_path)
+    os.chmod(hook_path, st.st_mode | stat.S_IEXEC)
+    
+    print(f"Successfully installed {hook_type} hook at {hook_path}")