How do I add AI-powered checks to my git pre-commit hooks?

Question

Accepted Answer

## What git hooks are Git hooks are shell scripts that git runs automatically at specific points in the workflow. The `pre-commit` hook runs before git records a commit — if the script exits with a non-zero status, the commit is blocked. ## The pre-commit framework Managing raw shell scripts in `.git/hooks/` is fragile and not portable. The [pre-commit framework](https://pre-commit.com/) solves this with a declarative YAML config that is committed to the repo and shared by everyone. ```bash pip install pre-commit pre-commit install ``` Create `.pre-commit-config.yaml` in your repo root. Every developer who clones the repo and runs `pre-commit install` gets the same hooks. ## Useful AI-adjacent hooks ### Gitleaks — secret detection [Gitleaks](https://github.com/gitleaks/gitleaks) scans staged changes for API keys, tokens, private keys, and passwords across 160+ patterns. ```yaml repos: - repo: https://github.com/gitleaks/gitleaks rev: v8.24.0 hooks: - id: gitleaks ``` ### Semgrep — static analysis [Semgrep](https://semgrep.dev) runs static analysis rules against staged files, catching SQL injection patterns, unsafe deserialization, and framework-specific antipatterns. ```yaml - repo: https://github.com/semgrep/pre-commit rev: v1.115.0 hooks: - id: semgrep args: ["--config", "p/default", "--error"] ``` ## A complete example config ```yaml # .pre-commit-config.yaml repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: - id: detect-private-key - id: check-merge-conflict - id: check-added-large-files args: ["--maxkb=1000"] - id: no-commit-to-branch args: ["--branch", "main"] - repo: https://github.com/gitleaks/gitleaks rev: v8.24.0 hooks: - id: gitleaks - repo: https://github.com/semgrep/pre-commit rev: v1.115.0 hooks: - id: semgrep args: ["--config", "p/default", "--error", "--skip-unknown-extensions"] ``` Run all hooks against every file to verify the setup: ```bash pre-commit run --all-files ``` ## The golden rule: hooks must be fast If a pre-commit hook takes longer than 5 seconds, developers will bypass it with `git commit --no-verify`. Run hooks only on staged files, avoid network calls, and move heavy AI analysis to CI. For a full walkthrough including CI integration, see [deployhq.com/git/ai-git-hooks](https://deployhq.com/git/ai-git-hooks).