From bb7c2ee017da08c54cec47000c785ac9416a9114 Mon Sep 17 00:00:00 2001
From: Henrik Brodin <90325907+hbrodin@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:17:11 +0200
Subject: [PATCH 1/2] fix: narrow git push hook regex to match whole ref
 targets only

Fixes #46

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings.json b/settings.json
index 2aa8d9b9..2fff78cc 100644
--- a/settings.json
+++ b/settings.json
@@ -57,7 +57,7 @@
           },
           {
             "type": "command",
-            "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qE 'git[[:space:]]+push.*(main|master)'; then echo 'BLOCKED: Use feature branches, not direct push to main' >&2; exit 2; fi"
+            "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qE 'git[[:space:]]+push[[:space:]].*([[:space:]]|:|/|\\+)(main|master)([[:space:]]|$)'; then echo 'BLOCKED: Use feature branches, not direct push to main' >&2; exit 2; fi"
           }
         ]
       }

From 6c20c5f2967d281f4d46dd63018824efb82d1d97 Mon Sep 17 00:00:00 2001
From: Henrik Brodin <90325907+hbrodin@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:26:08 +0200
Subject: [PATCH 2/2] fix: simplify separator to POSIX-portable character class
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use [[:space:]:/+] instead of alternation group with \+ —
unambiguously literal in all POSIX ERE implementations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 settings.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings.json b/settings.json
index 2fff78cc..6ada9397 100644
--- a/settings.json
+++ b/settings.json
@@ -57,7 +57,7 @@
           },
           {
             "type": "command",
-            "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qE 'git[[:space:]]+push[[:space:]].*([[:space:]]|:|/|\\+)(main|master)([[:space:]]|$)'; then echo 'BLOCKED: Use feature branches, not direct push to main' >&2; exit 2; fi"
+            "command": "CMD=$(jq -r '.tool_input.command'); if echo \"$CMD\" | grep -qE 'git[[:space:]]+push[[:space:]].*[[:space:]:/+](main|master)([[:space:]]|$)'; then echo 'BLOCKED: Use feature branches, not direct push to main' >&2; exit 2; fi"
           }
         ]
       }