- Copy code/image/config files across all modules - Translate brand-voice and code-review templates - Translate CONTRIBUTING, CODE_OF_CONDUCT, SECURITY, STYLE_GUIDE - Copy CHANGELOG as-is (technical log) Ref: luongnv89/claude-howto#63
55 lines
1.5 KiB
Bash
55 lines
1.5 KiB
Bash
#!/bin/bash
|
|
# Validate user prompts
|
|
# Hook: UserPromptSubmit
|
|
#
|
|
# Reads the user prompt from stdin JSON and blocks dangerous operations.
|
|
#
|
|
# Compatible with: macOS, Linux, Windows (Git Bash)
|
|
|
|
# Read JSON input from stdin (Claude Code hook protocol)
|
|
INPUT=$(cat)
|
|
|
|
# Extract the prompt text from JSON input
|
|
# Claude Code sends UserPromptSubmit with field "user_prompt" (falls back to "prompt")
|
|
PROMPT=$(echo "$INPUT" | sed -n 's/.*"user_prompt"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -1)
|
|
if [ -z "$PROMPT" ]; then
|
|
PROMPT=$(echo "$INPUT" | sed -n 's/.*"prompt"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -1)
|
|
fi
|
|
|
|
if [ -z "$PROMPT" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Check for dangerous operations
|
|
DANGEROUS_PATTERNS=(
|
|
"rm -rf /"
|
|
"delete database"
|
|
"drop database"
|
|
"format disk"
|
|
"dd if="
|
|
)
|
|
|
|
for pattern in "${DANGEROUS_PATTERNS[@]}"; do
|
|
if echo "$PROMPT" | grep -qi "$pattern"; then
|
|
printf '{"decision": "block", "reason": "Dangerous operation detected: %s"}' "$pattern"
|
|
exit 0
|
|
fi
|
|
done
|
|
|
|
# Check for production deployments
|
|
if echo "$PROMPT" | grep -qiE "(deploy|push).*production"; then
|
|
if [ ! -f ".deployment-approved" ]; then
|
|
echo '{"decision": "block", "reason": "Production deployment requires approval. Create .deployment-approved file to proceed."}'
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
# Check for required context in certain operations
|
|
if echo "$PROMPT" | grep -qi "refactor"; then
|
|
if [ ! -d "tests" ] && [ ! -d "test" ]; then
|
|
printf '{"additionalContext": "Warning: Refactoring without tests may be risky. Consider writing tests first."}'
|
|
fi
|
|
fi
|
|
|
|
exit 0
|