Problem
Today boundaries are enforced purely retrospectively: Copilot runs freely for 10 minutes, creates a PR, then verify flags violations. Copilot can blow through every NOT-in-scope path and burn 1000s of tokens before we say anything.
Why it matters
Retrospective enforcement wastes tokens, produces PRs that need rewrites, and makes the amend flow more common than it should be.
Approach
Option A: pre-commit hook
When `ghcp-worktree.ts add` creates the worktree, install a `.git/hooks/pre-commit` that:
- Reads the metadata block from `.gstack/ghcp-handoff/.md`
- Runs the same boundary check as verify against the staged diff
- Aborts the commit with a clear message if any file matches a NOT-in-scope glob
Copilot will see the commit failure and course-correct in-session.
Option B: real-time JSONL monitor
If G1 (streaming) lands, watch Copilot's tool-call events and kill the process when it touches a forbidden path. More intrusive but catches earlier.
Option A is cheaper to implement and probably sufficient.
Related: G15 (forbidden-deps).
Review reference
Adversarial review G14
Problem
Today boundaries are enforced purely retrospectively: Copilot runs freely for 10 minutes, creates a PR, then verify flags violations. Copilot can blow through every NOT-in-scope path and burn 1000s of tokens before we say anything.
Why it matters
Retrospective enforcement wastes tokens, produces PRs that need rewrites, and makes the amend flow more common than it should be.
Approach
Option A: pre-commit hook
When `ghcp-worktree.ts add` creates the worktree, install a `.git/hooks/pre-commit` that:
Copilot will see the commit failure and course-correct in-session.
Option B: real-time JSONL monitor
If G1 (streaming) lands, watch Copilot's tool-call events and kill the process when it touches a forbidden path. More intrusive but catches earlier.
Option A is cheaper to implement and probably sufficient.
Related: G15 (forbidden-deps).
Review reference
Adversarial review G14