This change introduces a new hook that runs before a file is written or edited. The hook executes a script that scans the file content for patterns that match common secret formats, such as API keys, AWS keys, and private keys. If a potential secret is found, the script exits with a non-zero status code, which blocks the file operation and prevents the secret from being committed. The script also provides a user-friendly error message with the filename, line number, and a suggestion to use environment variables. This helps to prevent accidental commits of sensitive credentials to the repository.
103 lines
2.8 KiB
JSON
{
|
|
"$schema": "https://claude.ai/schemas/hooks.json",
|
|
"hooks": {
|
|
"PreToolUse": [
|
|
{
|
|
"matcher": "Bash",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/hooks/prefer-core.sh"
|
|
}
|
|
],
|
|
"description": "Block destructive commands (rm -rf, sed -i, xargs rm) and enforce core CLI"
|
|
},
|
|
{
|
|
"matcher": "Write",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/scripts/block-docs.sh"
|
|
}
|
|
],
|
|
"description": "Block random .md file creation"
|
|
},
|
|
{
|
|
"matcher": "tool == \"Write\" || tool == \"Edit\"",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "echo \"${tool_input.content}\" | ${CLAUDE_PLUGIN_ROOT}/scripts/detect-secrets.sh ${tool_input.filepath}"
|
|
}
|
|
],
|
|
"description": "Detect secrets in code before writing or editing files."
|
|
}
|
|
],
|
|
"PostToolUse": [
|
|
{
|
|
"matcher": "tool == \"Edit\" && tool_input.file_path matches \"\\.go$\"",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/scripts/go-format.sh"
|
|
}
|
|
],
|
|
"description": "Auto-format Go files after edits"
|
|
},
|
|
{
|
|
"matcher": "tool == \"Edit\" && tool_input.file_path matches \"\\.php$\"",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/scripts/php-format.sh"
|
|
}
|
|
],
|
|
"description": "Auto-format PHP files after edits"
|
|
},
|
|
{
|
|
"matcher": "tool == \"Edit\"",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/scripts/check-debug.sh"
|
|
}
|
|
],
|
|
"description": "Warn about debug statements (dd, dump, fmt.Println)"
|
|
},
|
|
{
|
|
"matcher": "tool == \"Bash\" && tool_input.command matches \"^git commit\"",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/scripts/post-commit-check.sh"
|
|
}
|
|
],
|
|
"description": "Warn about uncommitted work after git commit"
|
|
}
|
|
],
|
|
"PreCompact": [
|
|
{
|
|
"matcher": "*",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/scripts/pre-compact.sh"
|
|
}
|
|
],
|
|
"description": "Save state before auto-compact to prevent amnesia"
|
|
}
|
|
],
|
|
"SessionStart": [
|
|
{
|
|
"matcher": "*",
|
|
"hooks": [
|
|
{
|
|
"type": "command",
|
|
"command": "${CLAUDE_PLUGIN_ROOT}/scripts/session-start.sh"
|
|
}
|
|
],
|
|
"description": "Restore recent session context on startup"
|
|
}
|
|
]
|
|
}
|
|
}
|
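Review bot: The new secrets hook's `command` splices `${tool_input.content}` into a double-quoted shell string and passes `${tool_input.filepath}` unquoted. If the runner expands these textually, file content containing quotes, backticks or `$(...)` is interpreted by the shell rather than scanned, and the text being checked for secrets becomes part of the command line. Every other hook in this file invokes its script with no arguments, so the safer shape is `"command": "${CLAUDE_PLUGIN_ROOT}/scripts/detect-secrets.sh"`, with the script reading the tool input the way those scripts do (presumably from the hook payload; confirm). The field is also spelled `tool_input.filepath` here but `tool_input.file_path` in the PostToolUse matchers, and nothing on this page shows that an Edit call carries a `content` field, so edits may be scanned as an empty string. It is also worth confirming that detect-secrets.sh reports only the filename and line number and never echoes the matched value.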