Using pre-commit to improve AI-generated code quality and security

Practical pre-commit setup for AI coding workflows
A developer on r/ClaudeAI shared their approach to improving code quality when using AI coding assistants like Claude Code. They use pre-commit with a detailed configuration file to catch outdated packages, vulnerabilities, and quality issues before code is committed.
Configuration details
The .pre-commit-config.yaml includes multiple hooks:
- Basic formatting: trailing-whitespace, end-of-file-fixer, check-yaml, check-merge-conflict
- Go-specific: golangci-lint (v1.64.0) with --timeout=5m argument, govulncheck, go test -short
- Documentation: markdownlint-cli (v0.43.0), yamllint (v1.35.1)
- Writing: vale (v3.10.0) with --config=.vale.ini for language checking
- Security: checkov for Infrastructure as Code and GitHub Actions scanning
Setup and workflow
Install pre-commit via:
brew install pre-commit
or
pip install pre-commit
Then configure globally:
pre-commit init-templatedir ~/.git-template
git config --global init.templateDir ~/.git-template
This installs the pre-commit hook into every repository cloned or created from then on, so it runs automatically wherever a configuration file is present.
Integration strategies
The developer uses Makefiles for Go projects to control what actions Claude Code can take, redirecting all go commands through the Makefile. This prevents Claude from creating binaries randomly and forces security scanning and vulnerability management during builds.
For Java with Maven, similar checks can be integrated into mvn clean verify to ensure vulnerability checks and security scans.
Why this approach works
The developer notes that Claude Code suggests code from its training which often lacks security rigor or contains vulnerabilities. When the commit fails due to pre-commit checks, Claude Code can detect and fix the issues. This approach doesn't interfere with file editing like Claude Hooks might, potentially saving tokens.
They found this more effective than adding Claude hooks for formatting and scanning, with lower token usage and benefits for manual development work too.
Additional tools mentioned
- act for testing GitHub Actions locally
- actionlint for validating GitHub Actions configurations
- vale for language checking, particularly useful for non-native English speakers
The developer emphasizes this approach works regardless of the AI assistant or model being used, as even advanced models like Opus 4.6 can generate insecure code based on training data.
📖 Read the full source: r/ClaudeAI