You can either:
ask your client to use a
pre-commit
hook (also presented in this article or illustrated in this question), but they can bypass it if they wantor you can set up a
pre-receive
hook which will deny the push on the server side if your policy isn't followed.
It would usegit diff-index --cached --name-only
, as in this question to get the content of each file pushed.
The server-side approach is generally favored, as it is easier to deply, maintain and enforce.