Summary
The PreToolUse(Bash) hook scripts/commit-validate.js blocks any git commit -m ... whose message doesn't match Conventional Commits format and is <= 72 chars (exits code 2, so the commit is rejected). The valid types, the regex, and MAX_SUMMARY = 72 are all hardcoded constants at the top of the file.
There is currently no first-party way to disable or configure this:
config.json ships a quality_gates/wrap_up structure but nothing reads config.json (grep -r config.json scripts/ src/ returns nothing), so it can't gate this behavior.- Nothing in the README,
docs/settings-guide.md, or the other docs documents an opt-out.
- Claude Code itself offers no per-hook disable — user/project
settings.json hooks don't override plugin hooks, and permission allow-rules don't bypass PreToolUse hooks. So a user's only options today are disabling the entire plugin (/plugin disable), disableAllHooks: true (which also kills secret-scan, git-blast-radius, etc.), or editing your plugin files (overwritten on update).
For repos that don't use Conventional Commits, this means every git commit -m is rejected with no supported escape hatch.
Request
Give commit-validate an opt-out / config knob, consistent with the pattern you already use elsewhere. You already do exactly this in scripts/git-blast-radius.js:
if (process.env.PRO_WORKFLOW_ALLOW_UNSAFE_GIT === '1') process.exit(0);
A matching env var would be the minimal fix, e.g. near the top of commit-validate.js:
if (process.env.PRO_WORKFLOW_SKIP_COMMIT_VALIDATE === '1') process.exit(0);
Ideally, also let the allowed types / max summary length be configured (and have the hooks actually read config.json, since it's shipped but currently inert).
Notes
- Not asking to weaken the secret-scan or git-blast-radius guards — just to make the commit format enforcement opt-out-able, since commit style is a project convention, not a safety issue.
Summary
The
PreToolUse(Bash)hookscripts/commit-validate.jsblocks anygit commit -m ...whose message doesn't match Conventional Commits format and is<= 72chars (exits code2, so the commit is rejected). The valid types, the regex, andMAX_SUMMARY = 72are all hardcoded constants at the top of the file.There is currently no first-party way to disable or configure this:
config.jsonships aquality_gates/wrap_upstructure but nothing readsconfig.json(grep -r config.json scripts/ src/returns nothing), so it can't gate this behavior.docs/settings-guide.md, or the other docs documents an opt-out.settings.jsonhooks don't override plugin hooks, and permission allow-rules don't bypassPreToolUsehooks. So a user's only options today are disabling the entire plugin (/plugin disable),disableAllHooks: true(which also kills secret-scan, git-blast-radius, etc.), or editing your plugin files (overwritten on update).For repos that don't use Conventional Commits, this means every
git commit -mis rejected with no supported escape hatch.Request
Give
commit-validatean opt-out / config knob, consistent with the pattern you already use elsewhere. You already do exactly this inscripts/git-blast-radius.js:A matching env var would be the minimal fix, e.g. near the top of
commit-validate.js:Ideally, also let the allowed types / max summary length be configured (and have the hooks actually read
config.json, since it's shipped but currently inert).Notes