{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Write|Edit|MultiEdit",
        "hooks": [
          {
            "type": "prompt",
            "prompt": "[code-sentinel] SECURITY CHECK for CODE files only:\n\nSKIP entirely for: *.md, *.json, *.yml, *.yaml, *.txt, README, CHANGELOG, LICENSE, docs/*\n\nFor CODE files (.py, .js, .ts, .sh, etc.), check for:\n- eval()/exec() with unsanitized user input\n- SQL string concatenation with user data\n- shell=True with user input\n- Hardcoded real secrets (actual keys/passwords, not placeholders)\n\nResponse:\n- Security issue in code: '[code-sentinel] BLOCKED: {10 words max}'\n- Otherwise: proceed silently (say nothing)\n\nNEVER block docs/config. NEVER do lengthy analysis."
          }
        ]
      }
    ]
  }
}