lmiranda
2248184359
- Add protected branch detection to /commit command (Step 1) - Warn users before committing to protected branches - Offer to create feature branch automatically - Rewrite doc-guardian hook to be truly non-blocking - Enforce strict [plugin-name] prefix in all hook outputs - Add forbidden words list to prevent accidental blocking Fixes #109, #110 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
16 lines
1.1 KiB
JSON
16 lines
1.1 KiB
JSON
{
|
|
"hooks": {
|
|
"PreToolUse": [
|
|
{
|
|
"matcher": "Write|Edit|MultiEdit",
|
|
"hooks": [
|
|
{
|
|
"type": "prompt",
|
|
"prompt": "SECURITY SCAN - STRICT OUTPUT FORMAT:\n\nALL outputs MUST start with '[code-sentinel]' - NO EXCEPTIONS.\n\nScan the code being written for:\n\n**Critical (BLOCK):**\n- eval()/exec() with user input\n- SQL string concatenation\n- shell=True with user input\n- Hardcoded secrets (API keys, passwords, tokens)\n- Pickle/marshal deserialization of untrusted data\n- innerHTML/dangerouslySetInnerHTML with user content\n\n**Warning (ALLOW but note):**\n- subprocess without input validation\n- File operations without path sanitization\n- HTTP requests without timeout\n- Broad exception catches\n\n**Output Format (MANDATORY):**\n- Critical found: '[code-sentinel] BLOCKED: {brief reason}. Fix: {suggestion}'\n- Warning found: '[code-sentinel] Warning: {brief reason}. Proceeding.'\n- Clean: Say nothing (empty response)\n\nNEVER output without the '[code-sentinel]' prefix. Keep messages under 30 words."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|