refactor: Reorganize repository structure for optimal learning path
Reorder folders based on learning dependencies, complexity, and frequency of use: - 01-slash-commands (unchanged) - Quick wins for beginners - 02-memory (was 03) - Essential foundation - 03-skills (was 05) - Auto-invoked capabilities - 04-subagents (was 02) - Task delegation - 05-mcp (was 04) - External integration - 06-hooks (was 07) - Event automation - 07-plugins (was 06) - Bundled solutions - 08-checkpoints (unchanged) - Safe experimentation - 09-advanced-features (unchanged) - Power user tools Documentation improvements: - Add LEARNING-ROADMAP.md with detailed milestones and exercises - Simplify README.md for better scannability - Consolidate Quick Start and Getting Started sections - Combine Feature Comparison and Use Case Matrix tables - Reorder README sections: Learning Path → Quick Reference → Getting Started - Update all cross-references across module READMEs 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
61
06-hooks/security-scan.sh
Normal file
61
06-hooks/security-scan.sh
Normal file
@@ -0,0 +1,61 @@
|
||||
#!/bin/bash
|
||||
# Security scan on file write
|
||||
# Hook: PostToolUse:Write
|
||||
|
||||
FILE=$1
|
||||
|
||||
if [ -z "$FILE" ]; then
|
||||
echo "Usage: $0 <file_path>"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "🔒 Running security scan on: $FILE"
|
||||
|
||||
ISSUES_FOUND=0
|
||||
|
||||
# Check for hardcoded passwords
|
||||
if grep -qE "(password|passwd|pwd)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
|
||||
echo "⚠️ WARNING: Potential hardcoded password detected in $FILE"
|
||||
ISSUES_FOUND=1
|
||||
fi
|
||||
|
||||
# Check for hardcoded API keys
|
||||
if grep -qE "(api[_-]?key|apikey|access[_-]?token)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
|
||||
echo "⚠️ WARNING: Potential hardcoded API key detected in $FILE"
|
||||
ISSUES_FOUND=1
|
||||
fi
|
||||
|
||||
# Check for hardcoded secrets
|
||||
if grep -qE "(secret|token)\s*=\s*['\"][^'\"]+['\"]" "$FILE"; then
|
||||
echo "⚠️ WARNING: Potential hardcoded secret detected in $FILE"
|
||||
ISSUES_FOUND=1
|
||||
fi
|
||||
|
||||
# Check for private keys
|
||||
if grep -q "BEGIN.*PRIVATE KEY" "$FILE"; then
|
||||
echo "⚠️ WARNING: Private key detected in $FILE"
|
||||
ISSUES_FOUND=1
|
||||
fi
|
||||
|
||||
# Check for AWS keys
|
||||
if grep -qE "AKIA[0-9A-Z]{16}" "$FILE"; then
|
||||
echo "⚠️ WARNING: AWS access key detected in $FILE"
|
||||
ISSUES_FOUND=1
|
||||
fi
|
||||
|
||||
# Scan with semgrep if available
|
||||
if command -v semgrep &> /dev/null; then
|
||||
semgrep --config=auto "$FILE" --quiet 2>/dev/null
|
||||
fi
|
||||
|
||||
# Scan with trufflehog if available
|
||||
if command -v trufflehog &> /dev/null; then
|
||||
trufflehog filesystem "$FILE" --only-verified --quiet 2>/dev/null
|
||||
fi
|
||||
|
||||
if [ $ISSUES_FOUND -eq 0 ]; then
|
||||
echo "✅ No security issues found"
|
||||
fi
|
||||
|
||||
# Don't block the operation, just warn
|
||||
exit 0
|
||||
Reference in New Issue
Block a user