@wipcomputer/wip-branch-guard
Advanced tools
Branch guard with PreToolUse blocking (main branch write protection), SessionStart warning (main-CWD detection after compaction), onboarding-before-first-write gate, equivalent-action bypass tracking, and external-PR create guard.
PreToolUse hook that enforces branch discipline, blocks destructive commands, requires repo onboarding before first write, tracks blocked-file retries, and gates PR creation against external repos. Same logic ships as a Claude Code hook and as an OpenClaw plugin.
See INSTALL.md for hook registration in ~/.claude/settings.json (PreToolUse + SessionStart entries).
~/.claude/plans/, ~/.openclaw/workspace/, ~/.ldm/extensions/, etc.) are always allowed.git clean -f, git reset --hard, git stash drop/pop/clear, git checkout -- <path>, python -c "open().write()", node -e "writeFile()", --no-verify, and git push --force without --force-with-lease.README.md, CLAUDE.md, and any *RUNBOOK*.md / *LANDMINES*.md / WORKFLOW*.md at repo root before the first write.Edit X denied → cat > X via Bash as an equivalent-action bypass.gh pr create against non-wipcomputer repos without explicit LDM_GUARD_UPSTREAM_PR_APPROVED operator authorization.See SKILL.md for full layer details, override semantics, per-session state shape, and the installer-as-escape-hatch recovery path.
bash test.sh
Expected: 95 pass, 0 fail, 8 skip (on-main-branch cases that only run when the test-runner CWD is on main).
guard.mjs ... PreToolUse + SessionStart handler, all logic inlined (zero runtime dependencies)test.sh ... 95+ regression cases including cross-session state isolationpackage.json ... npm metadata + hook registration manifest~/.claude/settings.jsonMIT for tool usage; AGPLv3 for commercial redistribution, marketplace listings, or bundling into paid services. See LICENSE and CLA.md in this directory, and the parent repo's dual-license model for full context.
Built by Parker Todd Brooks, Lēsa (OpenClaw, Claude Opus 4.7), Claude Code (Claude Opus 4.7).
FAQs
Branch guard with PreToolUse blocking (main branch write protection), SessionStart warning (main-CWD detection after compaction), onboarding-before-first-write gate, equivalent-action bypass tracking, and external-PR create guard.
We found that @wipcomputer/wip-branch-guard demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A malicious NuGet package impersonating Sicoob exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.
Security News
Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.
Security News
OSV withdrew 157 OSV malware reports after automated false positives incorrectly flagged trusted npm and PyPI packages, sending bad records into tools that rely on OSV data.