fix: guard blocks merge injection — Claude closes issue without merging (#344)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
openhands 2026-03-20 07:37:32 +00:00
parent b78b22d830
commit 6f30614dda
3 changed files with 76 additions and 27 deletions


@ -6,6 +6,7 @@
# - git push --force / -f to primary branch
# - rm -rf targeting paths outside the worktree
# - Direct Codeberg API merge calls (should go through phase protocol)
# - Direct issue close calls (should go through phase protocol)
# - git checkout / git switch to primary branch (stay on feature branch)
#
# Usage (in .claude/settings.json):
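Review bot: The new header bullet "Direct issue close calls" understates what the guard it documents actually matches: the body guard added in the next hunk (Guard 5) keys on `/issues/[0-9]+.*state.*closed`, which fires on any command string that names an issue number and later contains "state" followed by "closed" anywhere, not only on a state-changing call. A read-only request with a `state=closed` filter, or a comment body quoting those words, would be blocked too, so the bullet should describe the real trigger: `# - Any command naming /issues/N that also mentions "state" … "closed" (treated as a close)`. The header's bullet order (merge, close, checkout) also no longer matches the body, where Guard 5 is inserted ahead of Guard 4; renumbering or reordering one side would keep the two in step. The Guard 5 block and the rest of the script continue beyond this hunk.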
@ -68,6 +69,14 @@ if printf '%s' "$command_str" | grep -qE '/pulls/[0-9]+/merge'; then
exit 2
fi
# --- Guard 5: Direct issue close calls ---
# Defense in depth: Claude should never close issues directly — the orchestrator
# closes issues after a successful merge via the phase protocol.
if printf '%s' "$command_str" | grep -qE '/issues/[0-9]+.*state.*closed'; then
printf 'BLOCKED: Closing issues must go through the phase protocol. Write PHASE:done — the orchestrator closes issues after merge.\n'
exit 2
fi
# --- Guard 4: checkout/switch to primary branch ---
# Blocks: git checkout main, git switch main, git switch --detach main, etc.
# Allows: git checkout -b branch main, git checkout -- file