Description
Add block-no-verify to prevent agents from bypassing git hooks
Problem
.claude/settings.json currently configures extensive permissions.allow and permissions.deny rules for xcodebuild and git commands, but does not include a PreToolUse hook to prevent AI agents from running git commit or git push with the hook-bypass flag. When an agent uses this flag, it silently skips pre-commit, commit-msg, and pre-push hooks — defeating linting, formatting, and test-before-commit checks entirely.
Solution
Add block-no-verify as a PreToolUse Bash hook:
```json
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [{ "type": "command", "command": "npx block-no-verify@1.1.2" }]
      }
    ]
  }
}
```

block-no-verify reads tool_input.command from the Claude Code hook stdin payload, detects the hook-bypass flag across all git subcommands, and exits 2 to block. The existing permissions configuration is preserved unchanged.
I'm happy to open a PR for this if the maintainers are interested.
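A sketch of the check described in this issue, as an added example that is not part of the original post and is not block-no-verify's source code. It assumes the bypass flag is git's `--no-verify`, treats `-n` as its short form only for `git commit` (on `git push`, `-n` means `--dry-run`), and fails closed on unparseable payloads; `findHookBypass` and `hookExitCode` are hypothetical names.

```javascript
// Added example: a minimal PreToolUse-style check, not block-no-verify's source.
const SEPARATORS = new Set(["&&", "||", ";", "|", "&"]);
// git commit short options whose value is the next token (must not be read as a flag).
const COMMIT_VALUE_SHORT = "mFCc";
const VALUE_LONG = new Set(["--message", "--file", "--author", "--date"]);

// Quote-aware split: a quoted string stays one token, shell separators become tokens.
function tokenize(command) {
  const re = /"(?:\\.|[^"\\])*"|'[^']*'|&&|\|\||[;&|]|[^\s;&|"']+/g;
  return (command.match(re) || []).map((t) => t.replace(/^(["'])([\s\S]*)\1$/, "$2"));
}

// Returns the git subcommand that carries a hook-bypass flag, or null.
function findHookBypass(command) {
  const t = tokenize(command);
  for (let i = 0; i < t.length; i++) {
    if (t[i] !== "git") continue;
    let j = i + 1;
    // Skip git's global options (-C <path>, -c <key=value>, --git-dir=...).
    while (j < t.length && t[j].startsWith("-")) j += t[j] === "-C" || t[j] === "-c" ? 2 : 1;
    const sub = t[j];
    for (let k = j + 1; k < t.length && !SEPARATORS.has(t[k]); k++) {
      const a = t[k];
      if (a === "--") break; // everything after "--" is a pathspec
      if (a === "--no-verify") return sub;
      if (VALUE_LONG.has(a)) { k++; continue; } // skip the option's value
      // Short cluster such as -nm or -am: only flags before a value-taking letter count.
      if (sub === "commit" && /^-[A-Za-z]+$/.test(a)) {
        const cluster = a.slice(1);
        const v = [...cluster].findIndex((c) => COMMIT_VALUE_SHORT.includes(c));
        if ((v === -1 ? cluster : cluster.slice(0, v)).includes("n")) return sub;
        if (v === cluster.length - 1) k++; // value (e.g. the message) is the next token
      }
    }
  }
  return null;
}

// Exit code for one hook payload (the JSON text the hook receives on stdin): 2 blocks.
function hookExitCode(payloadText) {
  let payload;
  try { payload = JSON.parse(payloadText); } catch { return 2; } // fail closed
  const command = payload?.tool_input?.command;
  return typeof command === "string" && findHookBypass(command) ? 2 : 0;
}

// Constructed sample commands (not captured from a real session).
const SAMPLES = ['git commit -nm "wip"', "git push -n origin main", 'git commit -m "explain --no-verify"'];
for (const c of SAMPLES) console.log(hookExitCode(JSON.stringify({ tool_input: { command: c } })), c);
```

A real hook would pass the text read from stdin to `hookExitCode` and call `process.exit` with the result.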