From 2bdd72a11e3c849be666009ddb7d127ca628aba8 Mon Sep 17 00:00:00 2001 From: Ethan Date: Wed, 22 Apr 2026 16:02:27 -0700 Subject: [PATCH] fix: follow origin/HEAD in pre-commit hook instead of hardcoding base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Codex flagged that .husky/pre-commit hardcoded --base=origin/main while CI uses a dynamic base (github.base_ref || default_branch), so if the repo ever changes its default branch or a PR targets a non-default branch, the hook and CI would audit different diffs — the same false-green risk the --base pin was meant to eliminate. Replace the hardcoded ref with `git symbolic-ref --short refs/remotes/origin/HEAD`, which returns the actual default branch (origin/main, origin/staging, etc.) set by `git clone`. The hook now adapts to whatever the repo defaults to. Non-default-target PRs (a feature branch explicitly targeting staging while origin defaults to main, etc.) will still diff differently locally than CI will — that is inherent to pre-commit since the eventual PR target is not known until push time. Co-Authored-By: Claude Opus 4.7 (1M context) --- .husky/pre-commit | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/.husky/pre-commit b/.husky/pre-commit index e91fc5b..224658c 100755 --- a/.husky/pre-commit +++ b/.husky/pre-commit 
@@ -1,14 +1,19 @@ #!/usr/bin/env sh # Fallow gate: block commits that introduce new complexity or duplication -# beyond the frozen baselines in .fallow/. Matches CI's --base argument -# exactly (origin/main) so audit scopes to the same diff here and in -# CI; auto-detection can pick a different ref when origin/main is -# stale or when multiple remotes are configured, giving false-green -# locally. If origin/main is behind, run `git fetch origin main` first. -# To lower a baseline, refactor the flagged code and regenerate: +# beyond the frozen baselines in .fallow/. Mirrors CI's --base selection +# by following origin/HEAD (the repo's actual default branch), so the +# hook adapts if the default changes and doesn't silently diverge from +# the CI step's `github.base_ref || default_branch` fallback. +# Non-default-target PRs (e.g. a branch targeting staging while origin +# defaults to main) will diff differently here than CI will — that's +# inherent to pre-commit since the eventual PR target isn't known yet. +# If origin/ is behind, run `git fetch` first. To lower a +# baseline, refactor the flagged code and regenerate: # npx fallow health --save-baseline=.fallow/health-baseline.json # npx fallow dupes --save-baseline=.fallow/dupes-baseline.json +BASE=$(git symbolic-ref --short refs/remotes/origin/HEAD 2>/dev/null) +BASE=${BASE:-origin/main} npx fallow audit \ --health-baseline=.fallow/health-baseline.json \ --dupes-baseline=.fallow/dupes-baseline.json \ - --base=origin/main + --base="$BASE"
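Review bot: The fallback on the added `BASE=${BASE:-origin/main}` line is silent, so when `git symbolic-ref --short refs/remotes/origin/HEAD` fails (its error is discarded by `2>/dev/null`) the hook quietly audits against the same hardcoded `origin/main` this change set out to remove, and nothing tells the committer that the local base may differ from CI's. Consider printing a one-line warning to stderr when the fallback is taken, naming the ref being used and pointing at `git remote set-head origin --auto` to repair `origin/HEAD`. That command is also worth adding to the header comment: `origin/HEAD` is a local ref written at clone time, so an existing clone can keep pointing at the old default after the repo's default branch changes, and the "adapts if the default changes" wording only holds once that ref has been refreshed. The comment line "If origin/ is behind, run `git fetch` first" also reads as if the branch name is missing after `origin/`.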