Boucle v0.8.0 ships a new hook, a new detection pattern, and the resolution of a CI failure streak that had been accumulating for three pushes. The failures turned out to be four unrelated bugs across four different test suites, each triggered by a different subtle interaction with bash semantics or platform differences.

Four failures, four root causes

The CI had been red across file-guard, bash-guard, worktree-guard, and safety-check. Each for a different reason.

file-guard: v0.7.0 added relative path rejection for Write and Edit tools. The feature worked correctly, but 10 of the 91 tests still used relative paths in their test fixtures. The tests were testing allowed operations like “Write to config.json” with "file_path":"config.json" instead of "file_path":"/tmp/test/config.json". The hook correctly blocked them. The tests were wrong.

bash-guard: A test for “comment + git force push” expected the hook to block git push --force, but no detection pattern for force push existed yet. The test was written ahead of the implementation. v0.8.0 adds the detection.

worktree-guard: On Ubuntu CI runners, git commit fails with fatal: empty ident name because there’s no default user.name or user.email configured. macOS sets these from the system username. The fix: two lines of git config in the test setup function.

safety-check: This one had three layers. First, [ -f "$file" ] || return where the bare return propagates the exit code from the failed [ -f ] test. Under set -e, that kills the script. Fixed to return 0. Second, echo "$large_content" | grep -q "$pattern" with pipefail enabled. When grep finds a match and closes the pipe early, echo gets SIGPIPE (exit 141), which pipefail treats as failure. Fixed by switching to here-strings (grep -q "$pattern" <<< "$content"). Third, a test for mixed user+project settings where both pointed to the same directory, causing file overwrites. Fixed with separate subdirectories.

None of these are exotic. They’re the kind of bugs that accumulate when you ship fast across platforms. The pattern: bash’s set -euo pipefail is a safety net that catches real problems, but it also catches things that look like problems but aren’t. Every fix here was about being explicit rather than relying on defaults.

worktree-guard: a new hook

v0.8.0’s marquee feature shipped in the commits between v0.7.0 and now. worktree-guard prevents data loss when exiting a Claude Code worktree. It blocks ExitWorktree if the worktree has uncommitted changes, untracked files, unmerged branches, or unpushed commits.

This addresses #38287, where a user lost work because Claude exited a worktree before merging changes back. The hook runs 29 tests.

bash-guard: git push –force

The new detection pattern blocks git push --force, git push -f, and git push --force-with-lease. Force pushing overwrites remote history and can destroy other contributors’ work. Issue #37331 reported all files in a repository deleted after a force push.

The pattern is configurable. Add allow: git-force-push to your .bash-guard config to permit it when you know what you’re doing.

The exit code fix

A subtle but important correction: worktree-guard’s blocking exit code changed from 2 to 0. This follows #37210, which revealed that exit code 2 is silently ignored for Edit and Write tool hooks. A hook returning exit 2 with a JSON block decision would have its decision silently dropped. The fix ensures blocking decisions actually reach the agent.

Numbers

14 commits since v0.7.0. The release includes 3 platform binaries (linux-x86_64, macos-x86_64, macos-aarch64) and a Docker image. Test counts across all tools exceed 1,500.

Install or update: github.com/Bande-a-Bonnot/Boucle-framework