Using pre-commit to improve AI-generated code quality and security

✍️ OpenClawRadar | 📅 Published: March 23, 2026

Practical pre-commit setup for AI coding workflows

A developer on r/ClaudeAI shared their approach to improving code quality when using AI coding assistants like Claude Code. They use pre-commit with a detailed configuration file to catch outdated packages, vulnerabilities, and quality issues before code is committed.

Configuration details

The .pre-commit-config.yaml includes multiple hooks:

  • Basic formatting: trailing-whitespace, end-of-file-fixer, check-yaml, check-merge-conflict
  • Go-specific: golangci-lint (v1.64.0) with --timeout=5m argument, govulncheck, go test -short
  • Documentation: markdownlint-cli (v0.43.0), yamllint (v1.35.1)
  • Writing: vale (v3.10.0) with --config=.vale.ini for language checking
  • Security: checkov for Infrastructure as Code and GitHub Actions scanning
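The hook list above written out as a .pre-commit-config.yaml. This is an added example, not the developer's actual file: the repository URLs and hook ids are the upstream projects' as assumed here, versions are the ones the post gives, <PIN_A_TAG> is a placeholder where the post states no version, and running govulncheck and go test as local hooks is an assumption.

```yaml
# Added example, not the original poster's configuration.
# <PIN_A_TAG> is a placeholder: pin a release tag (pre-commit autoupdate fills it in).
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: <PIN_A_TAG>
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-merge-conflict
  - repo: https://github.com/golangci/golangci-lint
    rev: v1.64.0
    hooks:
      - id: golangci-lint
        args: [--timeout=5m]
  - repo: local  # assumption: go and govulncheck are already on PATH
    hooks:
      - id: govulncheck
        name: govulncheck
        entry: govulncheck ./...
        language: system
        pass_filenames: false
        # Also run when only go.mod or go.sum changed (dependency bumps).
        files: '(\.go|(^|/)go\.(mod|sum))$'
      - id: go-test-short
        name: go test -short
        entry: go test -short ./...
        language: system
        pass_filenames: false
        types: [go]
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.43.0
    hooks:
      - id: markdownlint
  - repo: https://github.com/adrienverge/yamllint
    rev: v1.35.1
    hooks:
      - id: yamllint
  - repo: https://github.com/errata-ai/vale
    rev: v3.10.0
    hooks:
      - id: vale
        args: [--config=.vale.ini]
  - repo: https://github.com/bridgecrewio/checkov
    rev: <PIN_A_TAG>
    hooks:
      - id: checkov
```

Running pre-commit run --all-files once after adding the file checks the existing tree, since commit-time runs only look at staged files.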

Setup and workflow

Install pre-commit via:

brew install pre-commit

or

pip install pre-commit

Then configure globally:

pre-commit init-templatedir ~/.git-template
git config --global init.templateDir ~/.git-template

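This installs the pre-commit hook automatically in every repository you clone or create from then on, so the checks run on each commit in any repository that has a configuration file. Repositories without a configuration file are skipped.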

Integration strategies

The developer uses Makefiles for Go projects to control what actions Claude Code can take, redirecting all go commands through the makefile. This prevents Claude from creating binaries randomly and forces security scanning and vulnerability management during builds.

For Java with Maven, similar checks can be integrated into mvn clean verify to ensure vulnerability checks and security scans.

Why this approach works

The developer notes that Claude Code suggests code from its training which often lacks security rigor or contains vulnerabilities. When the commit fails due to pre-commit checks, Claude Code can detect and fix the issues. This approach doesn't interfere with file editing like Claude Hooks might, potentially saving tokens.

They found this more effective than adding Claude hooks for formatting and scanning, with lower token usage and benefits for manual development work too.

Additional tools mentioned

  • act for testing GitHub Actions locally
  • actionlint for validating GitHub Actions configurations
  • vale for language checking, particularly useful for non-native English speakers

The developer emphasizes this approach works regardless of the AI assistant or model being used, as even advanced models like Opus 4.6 can generate insecure code based on training data.

📖 Read the full source: r/ClaudeAI
