Agent support¶
lex-align is built primarily around Claude Code, but the guardrail that matters most — the git pre-commit hook — is a plain Git hook that fires for any agent (or human) committing to a governed repo. Other agents trade away the soft, edit-time guardrails but keep the hard one.
Support matrix¶
| Capability | Claude Code | Cursor | Aider |
|---|---|---|---|
Git pre-commit guardrail (hard block on DENIED) | first-class | first-class | first-class |
lex-align-client check / request-approval CLI (works from any shell) | |||
Edit-time pyproject.toml intercept (block before bytes hit disk) | via .claude/settings.json PreToolUse | no equivalent hook | no equivalent hook |
Auto-prompted to run check before adding a dep | via CLAUDE.md (written by lex-align-client init) | user-provided .cursorrules | user-provided CONVENTIONS.md |
Auto-installed by lex-align-client init | hooks + CLAUDE.md | bring your own rules file | bring your own conventions file |
Reading the matrix¶
There are two layers of protection:
- Hard guardrail — the pre-commit hook. A vanilla
.git/hooks/pre-commitshim that re-checks every runtime dep at commit time. It runs no matter who or what triggered the commit, so a denied package is blocked even if the agent never calledcheckitself. This is the layer you can rely on across all agents. - Soft guardrails — plan-time advisor + edit-time intercept. These catch bad packages before they ever reach the staging area, so the agent can self-correct without rolling back. They are wired up natively for Claude Code and require manual setup for others.
If you only have the pre-commit hook, the worst case is that an agent writes a denied dependency into pyproject.toml, tries to commit, gets blocked, and has to back out the edit. With the soft guardrails on top, that round-trip never happens.
Per-agent notes¶
Claude Code (primary, first-class)¶
lex-align-client init configures everything automatically:
- Writes the
lex-alignsection intoCLAUDE.mdso every Claude Code session knows to callcheckandrequest-approvalwith the right flags. - Installs
PreToolUsehooks in.claude/settings.jsonthat intercept every edit topyproject.tomland either allow, advise, or hard-block based on the server's verdict — before the file is written. - Installs the standard git pre-commit hook.
This is the configuration the project is tested against. The For Agents page is written to be loaded into a Claude Code session.
Cursor¶
You get the pre-commit guardrail and the CLI commands. To match Claude Code's auto-prompted advisor, drop a rules file at .cursor/rules/lex-align.mdc (or the legacy .cursorrules) with the same contract that lives in For Agents: always run lex-align-client check --package <name> before editing pyproject.toml, never use --no-verify, etc.
There is no Cursor equivalent of the PreToolUse intercept — Cursor doesn't expose a hook that can block a tool call before it runs — so denied packages are caught at commit time rather than edit time.
Aider¶
Same shape as Cursor. The pre-commit guardrail and CLI commands work without any setup. For auto-prompting, point Aider at a CONVENTIONS.md (via --read CONVENTIONS.md or the read: key in .aider.conf.yml) that mirrors the For Agents playbook.
Aider runs git commit on its own after each successful edit, so the pre-commit hook is the natural backstop: a denied dep simply causes the commit to fail, and Aider will see the error in its loop.
What about other agents?¶
Anything that ultimately invokes git commit — Codex CLI, Windsurf, GitHub Copilot in VS Code, Cline, an internal harness, a human at the terminal — gets the pre-commit guardrail and the CLI commands for free. The soft guardrails follow the same pattern as Cursor and Aider: add the For Agents playbook to whatever rules file that agent reads, and you have plan-time parity with Claude Code on everything except the edit-time intercept.
The edit-time intercept is intentionally Claude-Code-specific because it depends on Claude Code's PreToolUse hook protocol; broader coverage (e.g. via MCP) is not on the current roadmap.