fix: all hooks respect bypass mode — no prompts in autonomous mode

Both guard-main-merge.sh and guard-branch-context.sh (local + templates)
now respect skipDangerousModePermissionPrompt. In bypass mode: no prompts
for edits, merges, or pushes. The agent follows best practices via
AGENTS.md instructions, not hook interruptions.

Restored auto-merge language in all agent config files (AGENTS.md,
CLAUDE.md, CONVENTIONS.md, .cursorrules, .windsurfrules, copilot-
instructions.md).

Author: vivek7405

AGENTS.md

@@ -65,8 +65,8 @@ using these defaults:**
 |---|---|---|
 | On `main`, need a branch | Auto-create `feature/<task-slug>` | Never pollute main |
 | Parent branch has new commits | Auto-rebase before starting | Avoid conflicts |
-| Ready to merge | **ALWAYS ask user** — merging is never autonomous | Merges are irreversible |
-| Delete branch after merge? | **ALWAYS ask user** — include in the merge prompt | User decides |
+| Ready to merge | Auto-merge, no prompt | User opted into full autonomy |
+| Delete branch after merge? | **Delete** feature/fix branches, **keep** long-lived (dev, staging, release/*) | Feature branches are disposable |
 | Commit message | Auto-generate meaningful message | Never ask "what should the message be?" |
 | Tests failing | Fix them, don't ask | User expects working code |
 | Convention violations | Fix them, don't ask | User expects clean code |

CLAUDE.md

@@ -18,7 +18,7 @@ and defines the AI-driven development workflow for the webjs framework itself.
 3. Verify the branch matches the task at hand
 
 **Autonomous mode (sandbox/bypass):** Don't ask questions. Auto-create
-branches, auto-rebase, auto-generate
+branches, auto-rebase, auto-merge + delete feature branches, auto-generate
 commit messages, fix failing tests and violations. Same quality bar.
 
 **Every change to this framework MUST include — automatically, without the

packages/cli/templates/.claude/hooks/guard-branch-context.sh

@@ -5,19 +5,20 @@
 # Fires before Edit and Write tool calls. If the current branch is `main`
 # or `master`, asks the user for confirmation before allowing file edits.
 #
-# This hook ALWAYS fires, even in bypass/dangerous mode. Editing on main
-# is a safety issue that should always be flagged — the agent should
-# create a feature branch first.
-#
-# Decision matrix:
-#   not a git repo            → allow
-#   detached HEAD             → allow
-#   branch is main/master     → ask (always, even in bypass mode)
-#   branch is anything else   → allow
+# Respects bypass/dangerous mode — user has opted into full autonomy.
 
 # Read the tool input from stdin
 INPUT=$(cat /dev/stdin)
 
+# Respect bypass/dangerous mode
+SETTINGS="$HOME/.claude/settings.json"
+if [ -f "$SETTINGS" ]; then
+  BYPASS=$(jq -r '.skipDangerousModePermissionPrompt // false' "$SETTINGS" 2>/dev/null)
+  if [ "$BYPASS" = "true" ]; then
+    exit 0
+  fi
+fi
+
 # Check if we're in a git repo
 if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
   exit 0
@@ -30,7 +31,7 @@ if [ -z "$BRANCH" ]; then
   exit 0
 fi
 
-# If on main or master, ask before allowing edits — ALWAYS, no bypass
+# If on main or master, ask before allowing edits
 if [ "$BRANCH" = "main" ] || [ "$BRANCH" = "master" ]; then
   jq -n --arg reason "guard-branch-context: You are on the '$BRANCH' branch. Create a feature branch before editing (e.g., git checkout -b feature/<name>). Approve to continue on '$BRANCH'." '{
     hookSpecificOutput: {

packages/cli/templates/.claude/hooks/guard-main-merge.sh

@@ -22,8 +22,14 @@ if [ -z "$COMMAND" ]; then
   exit 0
 fi
 
-# Merge guard NEVER respects bypass mode. Merging is irreversible and
-# always requires explicit user approval, regardless of settings.
+# Respect bypass/dangerous mode — user has opted into full autonomy.
+SETTINGS="$HOME/.claude/settings.json"
+if [ -f "$SETTINGS" ]; then
+  BYPASS=$(jq -r '.skipDangerousModePermissionPrompt // false' "$SETTINGS" 2>/dev/null)
+  if [ "$BYPASS" = "true" ]; then
+    exit 0
+  fi
+fi
 
 # Normalize whitespace so multi-line / heredoc commands match the same way.
 NORMALIZED=$(printf '%s' "$COMMAND" | tr -s '[:space:]' ' ')

packages/cli/templates/.cursorrules

@@ -20,7 +20,7 @@ FIRST, before writing any code:
 If running without interactive approval, auto-decide:
 - On main? Auto-create feature/<task-slug> branch
 - Parent has new commits? Auto-rebase before starting
-- Merge? ALWAYS ask user — merging is never autonomous, even in bypass mode
+- Merge? Auto-merge in autonomous mode, delete feature branches after
 - Commit message? Auto-generate (meaningful, no AI attribution)
 - Tests failing? Fix them. Convention violations? Fix them.
 Quality bar stays the same — just no blocking on questions.

packages/cli/templates/.github/copilot-instructions.md

@@ -16,7 +16,7 @@ FIRST, before writing any code:
 
 If running without interactive approval (sandbox, auto-approve, etc.):
 - On main? Auto-create feature/<task-slug> branch
-- Parent behind? Auto-rebase. Merge? ALWAYS ask user — never autonomous.
+- Parent behind? Auto-rebase. Merge? Auto-merge + delete feature branches.
 - Auto-generate meaningful commit messages. Fix tests and violations.
 
 ## Mandatory workflow

packages/cli/templates/.windsurfrules

@@ -16,7 +16,7 @@ FIRST, before writing any code:
 
 If running without interactive approval, auto-decide:
 - On main? Auto-create feature/<task-slug> branch
-- Parent behind? Auto-rebase. Merge? ALWAYS ask user — never autonomous.
+- Parent behind? Auto-rebase. Merge? Auto-merge + delete feature branches.
 - Auto-generate commit messages. Fix failing tests and violations.
 Quality bar stays the same — no blocking on questions.
 

packages/cli/templates/CONVENTIONS.md

@@ -52,8 +52,8 @@ When running without interactive approval, agents must NOT ask questions.
 Instead, auto-decide using best practices:
 - On `main`? → Auto-create `feature/<task-slug>` branch
 - Parent branch has new commits? → Auto-rebase before starting
-- Ready to merge? → **ALWAYS ask user**, even in bypass mode. Merging
-  is never autonomous. Ask: "Merge <branch> into <target>? Delete or keep?"
+- Ready to merge? → Auto-merge, delete feature/fix branches, keep
+  long-lived branches (dev, staging, release/*)
 - Commit message? → Auto-generate: what changed and why
 - Tests failing? → Fix them, don't report the failure and stop
 - Convention violations? → Fix them silently