- Add [plugin-name] prefix to all hook messages for better identification
- Make doc-guardian hook notification-only (non-blocking)
- Add stale branch detection to /commit-sync with git fetch --prune
- Enhance /branch-cleanup to handle stale branches separately

Closes improvements for hook UX and git workflow

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
16 lines
1.1 KiB
JSON
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Write|Edit|MultiEdit",
        "hooks": [
          {
            "type": "prompt",
            "prompt": "[code-sentinel] SECURITY CHECK - Before writing this code, scan for these patterns:\n\n**Critical (BLOCK if found):**\n- eval(), exec() with user input\n- SQL string concatenation (SQL injection)\n- shell=True with user input (command injection)\n- Hardcoded secrets (API keys, passwords, tokens)\n- Pickle/marshal deserialization of untrusted data\n- innerHTML/dangerouslySetInnerHTML with user content (XSS)\n\n**Warning (WARN but allow):**\n- subprocess without input validation\n- File operations without path sanitization\n- HTTP requests without timeout\n- Broad exception catches (except:)\n- Debug/print statements with sensitive data\n\n**Response:**\n- If CRITICAL found: STOP with '[code-sentinel] BLOCKED:', explain the issue, suggest safe alternative\n- If WARNING found: Note briefly with '[code-sentinel] WARNING:', proceed with suggestion\n- If clean: Proceed silently (say nothing)\n\nDo NOT announce clean scans. Only speak if issues found."
          }
        ]
      }
    ]
  }
}