-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhooks.json
More file actions
62 lines (61 loc) · 3.14 KB
/
hooks.json
File metadata and controls
62 lines (61 loc) · 3.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
{
"$schema": "https://json.schemastore.org/claude-code-settings.json",
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "input=$(cat); cmd=$(echo \"$input\" | jq -r '.tool_input.command // empty'); if echo \"$cmd\" | grep -qE 'cpln\\s+secret\\s+create\\b' && ! echo \"$cmd\" | grep -qE 'cpln\\s+secret\\s+create-'; then echo 'BLOCK: Use type-specific secret commands (cpln secret create-opaque, create-aws, create-tls, etc.). Generic cpln secret create does not exist.' >&2; exit 1; fi"
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "input=$(cat); cmd=$(echo \"$input\" | jq -r '.tool_input.command // empty'); if echo \"$cmd\" | grep -qE 'cpln\\s+apply' && ! echo \"$cmd\" | grep -qE '--file|--f\\b|-f\\b'; then echo 'BLOCK: cpln apply requires --file flag. Usage: cpln apply --file manifest.yaml' >&2; exit 1; fi"
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "input=$(cat); cmd=$(echo \"$input\" | jq -r '.tool_input.command // empty'); if echo \"$cmd\" | grep -qE 'cpln\\s+gvc\\s+delete-all-workloads'; then echo 'BLOCK: cpln gvc delete-all-workloads destroys every workload in the GVC. This command is too destructive to run from the AI layer. Confirm the org, GVC, and full blast radius in the conversation, then run this command manually in your terminal.' >&2; exit 1; fi"
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "input=$(cat); cmd=$(echo \"$input\" | jq -r '.tool_input.command // empty'); if echo \"$cmd\" | grep -qE 'cpln\\s+volumeset\\s+shrink'; then echo 'BLOCK: cpln volumeset shrink causes permanent data loss on the old volume. This command is too destructive to run from the AI layer. Confirm the org, GVC, volumeset name, and new size in the conversation, then run this command manually in your terminal.' >&2; exit 1; fi"
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "input=$(cat); cmd=$(echo \"$input\" | jq -r '.tool_input.command // empty'); if echo \"$cmd\" | grep -qE 'cpln\\s+\\w+\\s+list\\b'; then echo 'BLOCK: cpln <resource> list does not exist. Use cpln <resource> get (with no arguments to list all, or with a name to get one).' >&2; exit 1; fi"
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "input=$(cat); cmd=$(echo \"$input\" | jq -r '.tool_input.command // empty'); if echo \"$cmd\" | grep -qE 'cpln\\s+(workload|gvc|secret|identity|domain|policy|volumeset|serviceaccount|cloudaccount|agent|group|ipset|mk8s|image)\\s+delete\\b'; then echo 'WARNING: Destructive delete detected. Verify the correct org, GVC (if applicable), and resource name before proceeding. This action cannot be undone.' >&2; fi"
}
]
}
]
}
}