personal-projects/leo-claude-mktplace
Template
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: protected branch detection and non-blocking hooks

Browse Source 
- Add protected branch detection to /commit command (Step 1)
- Warn users before committing to protected branches
- Offer to create feature branch automatically
- Rewrite doc-guardian hook to be truly non-blocking
- Enforce strict [plugin-name] prefix in all hook outputs
- Add forbidden words list to prevent accidental blocking

Fixes #109, #110

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Leo Miranda
2026-01-23 11:05:12 -05:00
parent 0d120bd041
commit 2248184359
7 changed files with 68 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/code-sentinel/hooks/hooks.json
View File

@@ -6,7 +6,7 @@
"hooks": [
{
"type": "prompt",
"prompt": "[code-sentinel] SECURITY CHECK - Before writing this code, scan for these patterns:\n\n**Critical (BLOCK if found):**\n- eval(), exec() with user input\n- SQL string concatenation (SQL injection)\n- shell=True with user input (command injection)\n- Hardcoded secrets (API keys, passwords, tokens)\n- Pickle/marshal deserialization of untrusted data\n- innerHTML/dangerouslySetInnerHTML with user content (XSS)\n\n**Warning (WARN but allow):**\n- subprocess without input validation\n- File operations without path sanitization\n- HTTP requests without timeout\n- Broad exception catches (except:)\n- Debug/print statements with sensitive data\n\n**Response:**\n- If CRITICAL found: STOP with '[code-sentinel] BLOCKED:', explain the issue, suggest safe alternative\n- If WARNING found: Note briefly with '[code-sentinel] WARNING:', proceed with suggestion\n- If clean: Proceed silently (say nothing)\n\nDo NOT announce clean scans. Only speak if issues found."
"prompt": "SECURITY SCAN - STRICT OUTPUT FORMAT:\n\nALL outputs MUST start with '[code-sentinel]' - NO EXCEPTIONS.\n\nScan the code being written for:\n\n**Critical (BLOCK):**\n- eval()/exec() with user input\n- SQL string concatenation\n- shell=True with user input\n- Hardcoded secrets (API keys, passwords, tokens)\n- Pickle/marshal deserialization of untrusted data\n- innerHTML/dangerouslySetInnerHTML with user content\n\n**Warning (ALLOW but note):**\n- subprocess without input validation\n- File operations without path sanitization\n- HTTP requests without timeout\n- Broad exception catches\n\n**Output Format (MANDATORY):**\n- Critical found: '[code-sentinel] BLOCKED: {brief reason}. Fix: {suggestion}'\n- Warning found: '[code-sentinel] Warning: {brief reason}. Proceeding.'\n- Clean: Say nothing (empty response)\n\nNEVER output without the '[code-sentinel]' prefix. Keep messages under 30 words."
}
]
}