Git hooks are shell scripts that Git calls at specific points in your workflow — before a commit is recorded, after a push, before a rebase. The `pre-commit` hook is the most useful of the bunch: it runs every time a developer types `git commit`, and if it exits with a non-zero status the commit is aborted. That makes it the ideal place to enforce standards automatically. Traditional pre-commit hooks run linters and formatters. That is valuable, but it is mechanical — a linter can tell you that a variable is unused, but it cannot tell you that a function is misleading, a secret has been encoded in base64, or that a commit message says nothing useful. Adding AI to this layer gives you intelligent, context-aware checks that go beyond pattern matching. ## Git Hook Basics Hooks live in the `.git/hooks/` directory of every repository. Activate one by removing the `.sample` extension and making it executable. A minimal pre-commit hook: ```bash #!/bin/bash # .git/hooks/pre-commit npm run lint && npm test exit $? ``` If either command fails, the exit code will be non-zero and the commit will not proceed. The limitation: `.git/hooks/` is not tracked by version control, so every developer has to set it up manually. That is where the pre-commit framework comes in. ## The pre-commit Framework [pre-commit](https://pre-commit.com) is the standard tool for managing Git hooks across a team. It is language-agnostic, shareable via version control, and handles installing hook dependencies in isolated environments. ```bash pip install pre-commit pre-commit install ``` Define your hooks in `.pre-commit-config.yaml` at the root of the repository: ```yaml # .pre-commit-config.yaml repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.5.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer - id: check-yaml - id: check-added-large-files - repo: https://github.com/gitleaks/gitleaks rev: v8.18.2 hooks: - id: gitleaks ``` This file goes into version control. Every developer who runs `pre-commit install` after cloning gets the same hooks automatically. ## AI-Powered Pre-Commit Use Cases ### Secret and Credential Detection **Gitleaks** uses pattern matching to catch API keys, tokens, and passwords before they are committed. AI-enhanced detection goes further — flagging secrets that have been encoded, split across strings, or obfuscated in ways that patterns miss: ```yaml - repo: https://github.com/gitleaks/gitleaks rev: v8.18.2 hooks: - id: gitleaks args: ['--verbose'] ``` When a developer commits a file containing a high-entropy string matching a known secret pattern, Gitleaks blocks the commit and shows exactly which line triggered the detection. ### Commit Message Quality A lightweight hook can enforce minimum message standards without calling an external API: ```python # check-commit-msg.py import sys msg = open(sys.argv[1]).read().strip() vague = {'fix', 'update', 'changes', 'wip', 'misc'} if len(msg) < 20: print("Error: Commit message too short. Aim for at least 20 characters.") sys.exit(1) if msg.lower().rstrip(".") in vague: print(f"Error: Commit message {msg} is too vague.") sys.exit(1) sys.exit(0) ``` ### Code Review in CI, Not Locally Calling an LLM API on every local commit is slow and expensive — developers will bypass hooks that take more than five seconds. The right architecture: fast, local checks in the pre-commit hook, and heavier AI-powered review in CI. Tools like CodeRabbit and Sourcery integrate into pull request workflows, posting AI review comments asynchronously without blocking local commits. **The golden rule: if pre-commit hooks take more than five seconds, they will be bypassed.** ## Husky for Node.js Projects For JavaScript or TypeScript projects, **Husky** is the most widely used alternative to the pre-commit framework: ```bash npm install --save-dev husky npx husky init ``` Edit the generated `.husky/pre-commit` file: ```bash #!/bin/sh npm run lint npm run typecheck ``` Husky hooks are tracked under `.husky/` and activated automatically when a developer runs `npm install`. ## AI-Powered Tools for the Pipeline - **Trunk** — AI-powered code quality platform consolidating linters, formatters, and security scanners into a single pre-commit workflow - **Semgrep** — fast static analysis with AI-assisted rule writing; teams write rules in plain English and Semgrep generates the pattern - **CodeClimate** — code quality and maintainability platform for CI/CD gates, analysing coverage, complexity, and duplication None require calling an LLM in the critical path of a local commit. ## Balancing Thoroughness and Speed - Aim for **under five seconds** for local hooks - Move heavy analysis to CI - Let developers opt into heavier local checks via environment variable: ```bash #!/bin/bash npm run lint if [ "$FULL_LOCAL_CHECKS" = "true" ]; then npm test npx semgrep --config=auto . fi exit 0 ``` ## Sharing Hooks Across the Team The `.pre-commit-config.yaml` file belongs in version control. Updates to hooks are distributed through normal code review. For Node.js teams using Husky, the `.husky/` directory and `prepare` script in `package.json` serve the same role — `npm install` activates hooks automatically. ## Deploying with Confidence Using DeployHQ Pre-commit hooks are your first line of defence. [DeployHQ](https://deployhq.com) is your second. When code has already passed local hooks and CI checks before reaching a deployment trigger, you deploy knowing the build has been validated at every stage. DeployHQ supports branch-based deployments and environment-specific pipelines — configure staging to deploy on every merge to `main` and production to deploy only from tagged releases, ensuring only thoroughly checked code reaches your servers.