feat(ops): session-start hook — install deps and enforce branch naming#984
Conversation
…naming
Adds a Claude Code remote session-start hook that:
- Installs npm dependencies at session start so linters and tests are ready
- Detects auto-generated claude/ prefixed branches (forbidden by CLAUDE.md)
and renames them to chore/session-{hash} with a prominent action-required
notice to rename to a meaningful {type}/{scope}-{title} branch before work
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RjsaYw9xviBvDkgSAEsQsc
|
Warning Review limit reached
More reviews will be available in 22 minutes and 31 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
✅ Template check passed after update. Thanks for fixing the PR description. |
🔍 Reviewer Summary for PR #984CI Status: ✅ Recommendations
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a session-start hook for Claude Code remote sessions, which installs npm dependencies and automatically renames forbidden claude/ branches to chore/session-{hash}. The feedback suggests correcting a redundant nested array structure in the settings schema, using npm ci instead of npm install for reproducible builds, handling branch names without hyphens to ensure the forbidden prefix is correctly stripped, and gracefully handling remote push failures to prevent blocking the session startup.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "SessionStart": [ | ||
| { | ||
| "hooks": [ | ||
| { | ||
| "type": "command", | ||
| "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/session-start.sh" | ||
| } | ||
| ] | ||
| } | ||
| ] |
There was a problem hiding this comment.
The nested hooks array inside SessionStart is redundant and does not match the standard Claude Code settings schema. It should directly contain the hook command object.
"SessionStart": [
{
"type": "command",
"command": "$CLAUDE_PROJECT_DIR/.claude/hooks/session-start.sh"
}
]| # ── 1. Install npm dependencies ────────────────────────────────────────────── | ||
| echo "==> Installing npm dependencies..." | ||
| cd "${CLAUDE_PROJECT_DIR:-.}" | ||
| npm install --prefer-offline --no-fund --no-audit 2>&1 |
There was a problem hiding this comment.
Using npm install in automated hooks can modify the package-lock.json file and lead to dependency drift. It is highly recommended to use npm ci instead, which is faster, cleaner, and guarantees reproducible installations from the lockfile.
| npm install --prefer-offline --no-fund --no-audit 2>&1 | |
| npm ci --prefer-offline --no-fund --no-audit 2>&1 |
| HASH_SUFFIX="${CURRENT_BRANCH##*-}" | ||
| NEW_BRANCH="chore/session-${HASH_SUFFIX}" |
There was a problem hiding this comment.
If the auto-generated branch name does not contain a hyphen (e.g., claude/test), ${CURRENT_BRANCH##*-} will evaluate to the entire branch name. This results in NEW_BRANCH being chore/session-claude/test, which still contains the forbidden claude/ prefix. Handling the absence of a hyphen ensures the prefix is always correctly stripped.
| HASH_SUFFIX="${CURRENT_BRANCH##*-}" | |
| NEW_BRANCH="chore/session-${HASH_SUFFIX}" | |
| if [[ "$CURRENT_BRANCH" == *-* ]]; then | |
| HASH_SUFFIX="${CURRENT_BRANCH##*-}" | |
| else | |
| HASH_SUFFIX="${CURRENT_BRANCH#claude/}" | |
| fi | |
| NEW_BRANCH="chore/session-${HASH_SUFFIX}" |
|
|
||
| # Push the new branch name to origin and delete the old remote branch. | ||
| # Use || true on the delete so a pre-deleted remote branch doesn't fail the hook. | ||
| git push -u origin "${NEW_BRANCH}" |
There was a problem hiding this comment.
If the remote push fails (e.g., due to network issues, lack of write permissions, or missing remote configuration), the script will exit with an error due to set -e, which might block the Claude session from starting. It is safer to handle push failures gracefully.
| git push -u origin "${NEW_BRANCH}" | |
| git push -u origin "${NEW_BRANCH}" || echo "==> Warning: Could not push the new branch to origin." |
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01RjsaYw9xviBvDkgSAEsQsc
…in session hook - Add fallback for branch names without hyphens (e.g. claude/test) to strip the prefix correctly rather than producing chore/session-claude/test - Make the origin push non-fatal so network failures don't block session startup Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01RjsaYw9xviBvDkgSAEsQsc
Signed-off-by: Ash Shaw <ashley@lightspeedwp.agency>
github-actions
Bot
added
status:needs-review
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 62448ff2d9
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| { | ||
| "hooks": { | ||
| "SessionStart": [ | ||
| { |
There was a problem hiding this comment.
The hook group has no matcher, and the Claude Code hook reference says an omitted matcher fires for every SessionStart source, including clear and compact (https://code.claude.com/docs/en/hooks#sessionstart). In a remote session, /clear or automatic compaction will therefore rerun npm install instead of only initial setup, which can stall the agent and potentially dirty the worktree mid-task; scope this group to startup or startup|resume if that is the intended lifecycle.
Useful? React with 👍 / 👎.
| # ── 1. Install npm dependencies ────────────────────────────────────────────── | ||
| echo "==> Installing npm dependencies..." | ||
| cd "${CLAUDE_PROJECT_DIR:-.}" | ||
| npm install --prefer-offline --no-fund --no-audit 2>&1 |
There was a problem hiding this comment.
Because set -e is active, any npm install failure here, such as a registry, cache, or lockfile issue, exits before the branch-rename block runs. The Claude Code hook reference describes SessionStart as context-only with no blocking decision control (https://code.claude.com/docs/en/hooks#sessionstart-decision-control), so the session continues on the forbidden claude/* branch instead of being stopped; move the rename before dependency installation or make install failures non-fatal.
Useful? React with 👍 / 👎.
…urces Two fixes from Codex review: - Move branch rename before npm install so a failing install never leaves the session on a forbidden claude/ branch (set -e would exit early) - Read source from stdin and exit early on clear/compact events so npm install does not re-run unnecessarily mid-session Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01RjsaYw9xviBvDkgSAEsQsc
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01RjsaYw9xviBvDkgSAEsQsc
github-actions
Bot
added
type:chore
|
@Mergifyio queue |
Merge Queue Status
Waiting for
All conditions
|
3 participants
Chore Pull Request
Linked issues
Relates to #984 — no separate issue; this is a self-contained ops improvement tracked in this PR.
Summary
Adds a Claude Code remote session-start hook that automatically installs npm dependencies and renames auto-generated
claude/prefixed branches (explicitly forbidden byCLAUDE.md) to validchore/session-{hash}names before any work begins.Changes
.claude/hooks/session-start.sh— detectsclaude/branch prefix, renames locally and on origin tochore/session-{hash}, prints action-required banner to rename further before committing. Handles branch names without hyphens; push failures are non-fatal so they don't block session startup..claude/settings.json— registers the hook underSessionStartCHANGELOG.mdwith entry under[Unreleased] > AddedImpact / Compatibility
claude/branches at startupVerification
claude/admiring-mendel-nqdk8j→chore/session-nqdk8jsuccessfullychore/session-nqdk8jpassesnpm run validate:branch-nameRisk & Rollback
.claude/hooks/session-start.shand.claude/settings.jsonChangelog
Added
.claude/hooks/session-start.shand.claude/settings.jsonto install npm dependencies and auto-rename auto-generatedclaude/prefixed branches (forbidden byCLAUDE.md) to validchore/session-{hash}names at the start of every remote session. Prevents forbidden branch names from ever reaching a commit and reduces manual cleanup overhead. (#984)Checklist (Global DoD / PR)
CHANGELOG.mdupdated)🤖 Generated with Claude Code
https://claude.ai/code/session_01RjsaYw9xviBvDkgSAEsQsc