chore: add bun enforcement hook and local config patterns #1676

Open
42tg wants to merge 1 commit into pingdotgg:main from 42tg:chore/bun-enforcement-hook

42tg commented Apr 2, 2026

Summary

  • Add .claude/hooks/enforce-bun.sh to prevent accidental npm/yarn/pnpm usage in this bun-based monorepo
  • Add .claude/settings.json with hook configuration
  • Add local config patterns to .gitignore

Test plan

  • Verify bun install still works normally
  • Verify npm install is blocked by the hook

Note

Low Risk
Only adds a Claude Bash pre-hook and expands .gitignore; no runtime application logic is affected, though the hook could block some developer workflows if it false-positives.

Overview
Adds a Claude PreToolUse Bash hook that reads the tool command input and fails fast if it detects npm, npx, yarn, or pnpm, steering usage to bun (including bunx for npx).

Registers this hook in .claude/settings.json so it runs before Bash tool executions, and expands .gitignore to exclude *.local.*, **/coverage/, and .playwright-mcp/ artifacts.

Written by Cursor Bugbot for commit 185abf0. This will update automatically on new commits. Configure here.

Note

Add bun enforcement hook to block npm, npx, yarn, and pnpm in Bash tool executions

  • Adds enforce-bun.sh, a PreToolUse hook that parses the Bash tool's command input via jq and exits with code 2 if it detects npm, npx, yarn, or pnpm usage, printing guidance to stderr.
  • Registers the hook in .claude/settings.json so it runs automatically before every Bash tool invocation in this environment.
  • Adds *.local.*, **/coverage/, and .playwright-mcp/ patterns to .gitignore.

Macroscope summarized 185abf0.

github-actions bot added labels vouch:unvouched (PR author is not yet trusted in the VOUCHED list) and size:M (30-99 changed lines, additions + deletions) on Apr 2, 2026

coderabbitai bot commented Apr 2, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


- Add *.local.*, **/coverage/, .playwright-mcp/ to .gitignore
- Add PreToolUse hook that blocks npm/npx/yarn/pnpm in favor of bun

42tg force-pushed the chore/bun-enforcement-hook branch from 85f0d1e to 185abf0 on April 2, 2026 10:39

macroscopeapp bot (Contributor) commented Apr 2, 2026

Approvability

Verdict: Approved

This PR adds developer tooling only - a Claude Code hook to enforce bun usage and gitignore patterns. No application runtime behavior is affected. The open review comment about regex edge cases is a valid improvement but doesn't block approval since it only affects completeness of the dev tool guard.

cursor bot (Contributor) left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.


fi

# Check for npm commands (including npx)
if echo "$COMMAND" | grep -qE '(^|[;&|][[:space:]]*)npm([[:space:]]|$)'; then
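
Review bot: the comment above the `if` promises npx coverage, but the pattern on the `grep -qE` line requires whitespace or end of line immediately after `npm`, so `npx` can never match this branch; reword the comment to say npm only, or state that npx has its own check. On the same line, `echo "$COMMAND"` can alter the string in some shells when it starts with `-n` or `-e` or contains backslashes; `printf '%s\n' "$COMMAND" | grep -qE ...` feeds grep the command unchanged.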

Regex misses env-var-prefixed and sudo-prefixed commands

Medium Severity

The grep pattern (^|[;&|][[:space:]]*)npm([[:space:]]|$) only matches npm at line-start or after shell operators (;, &, |), so commands prefixed with environment variables like NODE_ENV=production npm run build or prefix utilities like sudo npm install slip through undetected. The space before npm in these cases doesn't match [;&|], bypassing the hook entirely. The same gap applies to all four regex checks (npm, npx, yarn, pnpm). Adding [[:space:]] to the character class (e.g. (^|[;&|[:space:]])[[:space:]]*npm) would close this gap.
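
The gap described in the review comment above, as an added example that is not part of the PR or of any participant's comment: it runs the hook's original npm pattern and the suggested widened pattern over constructed sample commands, and also shows a false positive the widened pattern introduces. The function names `verdict` and `compare` are assumptions made for this example, and the widened pattern keeps the original's trailing `([[:space:]]|$)`.

```bash
#!/usr/bin/env bash
# Added example (not the PR's code). Sample commands below are constructed.

# Pattern as shown in the PR's enforce-bun.sh hunk.
ORIGINAL='(^|[;&|][[:space:]]*)npm([[:space:]]|$)'
# Prefix suggested in the review; the suffix is assumed unchanged.
WIDENED='(^|[;&|[:space:]])[[:space:]]*npm([[:space:]]|$)'

# verdict PATTERN COMMAND -> prints "block" if the pattern matches, else "allow"
verdict() {
  if printf '%s\n' "$2" | grep -qE "$1"; then
    echo block
  else
    echo allow
  fi
}

# compare COMMAND -> one report line with both verdicts side by side
compare() {
  printf '%-36s original=%-5s widened=%s\n' \
    "$1" "$(verdict "$ORIGINAL" "$1")" "$(verdict "$WIDENED" "$1")"
}

# Matched by both patterns: npm at line start or after a shell operator.
compare 'npm install'
compare 'cd app && npm ci'

# The two cases named in the review: only the widened pattern matches.
compare 'NODE_ENV=production npm run build'
compare 'sudo npm install'

# Allowed by both: no npm token followed by whitespace or end of line.
compare 'bun install'
compare 'cat npm-debug.log'

# Cost of widening: "npm" as a plain argument is now blocked as well.
compare 'grep npm package.json'
```

The last case is the trade-off to weigh before adopting the wider character class: any command that passes `npm` as a standalone word is blocked, not only commands that run it.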
