The Machine: Ensure we don't run Stop hook without changes

[stack72]

No description provided.

[github-actions]

Approved

Clean, well-structured change. The four-way change detection (committed vs origin/main, unstaged, staged, untracked) correctly covers all cases where files could have been modified. The fallback to run verification when origin/main can't be resolved is the right safe default.

CLAUDE.md compliance: ✅ No issues — .sh files don't require license headers, no import boundary concerns, no domain code requiring DDD review.

No blocking issues found.

Minor suggestion (non-blocking)

• If origin/main hasn't been fetched recently, the HEAD vs origin/main comparison could be stale. In practice this is fine since the fallback runs full verification, but a comment noting this assumption could help future readers.

[github-actions]

Adversarial Review

Critical / High

None found.

Medium

1. .claude/hooks/stop-verify.sh:11 — git diff HEAD origin/main fails if HEAD is unborn (empty repo with no commits)
   • If this script runs in a freshly git init'd repo with origin/main set but no local commits, git diff --quiet HEAD origin/main will fail with fatal: ambiguous argument 'HEAD' because HEAD doesn't point to a valid commit. With set -e, this would terminate the script with a non-zero exit, potentially blocking Claude from completing.
   • Breaking example: git init && git remote add origin <url> && git fetch origin — now origin/main exists but HEAD is unborn. The rev-parse --verify origin/main guard passes, then the git diff HEAD origin/main crashes.
   • Suggested fix: Add git rev-parse --verify HEAD >/dev/null 2>&1 to the guard clause, or put the entire elif chain inside the if block that already validates origin/main.
   • Practical likelihood: Very low in a Claude Code session (you'd always have at least an initial commit), which is why this is Medium not High.

Low

1. Stale origin/main ref could cause unnecessary verification runs — If the local origin/main tracking ref is behind the actual remote (no recent git fetch), git diff HEAD origin/main may show spurious differences, causing verification to run unnecessarily. This is the safe direction (extra work, not skipped verification) and is inherent to any local-ref-based approach, so not actionable.

Verdict

PASS — The logic is correct for all realistic scenarios. The conditional structure properly handles the set -e interaction (conditionals are exempt), the fallback when origin/main is missing is safe (run verification), and all four change-detection checks (committed diff, unstaged, staged, untracked) cover the relevant categories. The unborn-HEAD edge case is theoretical in this context.