Using pre-commit to improve AI-generated code quality and security

Practical pre-commit setup for AI coding workflows
A developer on r/ClaudeAI shared their approach to improving code quality when using AI coding assistants like Claude Code. They use pre-commit with a detailed configuration file to catch outdated packages, vulnerabilities, and quality issues before code is committed.
Configuration details
The .pre-commit-config.yaml includes multiple hooks:
- Basic formatting: trailing-whitespace, end-of-file-fixer, check-yaml, check-merge-conflict
- Go-specific: golangci-lint (v1.64.0) with --timeout=5m argument, govulncheck, go test -short
- Documentation: markdownlint-cli (v0.43.0), yamllint (v1.35.1)
- Writing: vale (v3.10.0) with --config=.vale.ini for language checking
- Security: checkov for Infrastructure as Code and GitHub Actions scanning
Setup and workflow
Install pre-commit via:
brew install pre-commitor
pip install pre-commitThen configure globally:
pre-commit init-templatedir ~/.git-template
git config --global init.templateDir ~/.git-templateThis ensures pre-commit runs automatically when cloning or creating repositories with a configuration file.
Integration strategies
The developer uses Makefiles for Go projects to control what actions Claude Code can take, redirecting all go commands through the makefile. This prevents Claude from creating binaries randomly and forces security scanning and vulnerability management during builds.
For Java with Maven, similar checks can be integrated into mvn clean verify to ensure vulnerability checks and security scans.
Why this approach works
The developer notes that Claude Code suggests code from its training which often lacks security rigor or contains vulnerabilities. When the commit fails due to pre-commit checks, Claude Code can detect and fix the issues. This approach doesn't interfere with file editing like Claude Hooks might, potentially saving tokens.
They found this more effective than adding Claude hooks for formatting and scanning, with lower token usage and benefits for manual development work too.
Additional tools mentioned
- act for testing GitHub Actions locally
- actlint for validating GitHub Actions configurations
- vale for language checking, particularly useful for non-native English speakers
The developer emphasizes this approach works regardless of the AI assistant or model being used, as even advanced models like Opus 4.6 can generate insecure code based on training data.
📖 Read the full source: r/ClaudeAI
👀 See Also

ClawControl iOS client released for OpenClaw self-hosted servers
ClawControl v1.50 is now available on iOS as a privacy-focused mobile client for self-hosted OpenClaw/Claw servers. The open-source app enables real-time chat with streaming responses, agent management, and session control from mobile devices.

Real Cost of AI Coding Tools: 42 Hours of Overhead per 60 Days — A Solo Dev's Detailed Breakdown
A solo dev tracked every dollar and minute spent on AI coding tools for 60 days. Subscriptions ($200/mo) were the smallest cost; 42 hours of overhead from bad output and tool-switching were the real tax. Net productivity gain was 1.7-2x, not 10x. Surprise: CodeRabbit, a $15/mo review tool, had the highest ROI.

Chrome Skills: Save and Reuse AI Prompts as One-Click Tools
Google's Chrome Skills feature lets users save AI prompts as reusable workflows that run with a single click on any webpage. Skills can be accessed by typing forward slash (/) or clicking the plus sign (+) in Gemini in Chrome.

Claude Code HUD: Terminal Dashboard for Monitoring AI Coding Sessions
claude-code-hud is a terminal dashboard that provides real-time monitoring for Claude Code sessions, showing context window usage, API rate limits, and file changes without requiring an IDE. Run it with npx claude-code-hud.