modify documents
@@ -0,0 +1,67 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Codex PreToolUse guard for obviously destructive shell commands."""
|
||||
|
||||
import json
|
||||
import re
|
||||
import sys
|
||||
from typing import Any
|
||||
|
||||
|
||||
DANGEROUS_PATTERNS = [
|
||||
(r"\brm\s+-rf\b", "Recursive force deletion is blocked by the document harness."),
|
||||
(
|
||||
r"\bRemove-Item\b(?=.*\b-Recurse\b|\s-r\b)(?=.*\b-Force\b|\s-f\b)",
|
||||
"PowerShell recursive force deletion is blocked by the document harness.",
|
||||
),
|
||||
(r"\bgit\s+reset\s+--hard\b", "Hard reset is blocked because it can discard user work."),
|
||||
(r"\bgit\s+push\b.*\s--force(?:-with-lease)?\b", "Force push is blocked by the document harness."),
|
||||
(r"\bDROP\s+TABLE\b", "Destructive database commands are blocked by the document harness."),
|
||||
]
|
||||
|
||||
|
||||
def iter_strings(value: Any):
|
||||
if isinstance(value, str):
|
||||
yield value
|
||||
elif isinstance(value, dict):
|
||||
for key, item in value.items():
|
||||
yield str(key)
|
||||
yield from iter_strings(item)
|
||||
elif isinstance(value, list):
|
||||
for item in value:
|
||||
yield from iter_strings(item)
|
||||
|
||||
|
||||
def deny(reason: str) -> None:
|
||||
payload = {
|
||||
"hookSpecificOutput": {
|
||||
"permissionDecision": "deny",
|
||||
"permissionDecisionReason": reason,
|
||||
},
|
||||
"decision": "block",
|
||||
"reason": reason,
|
||||
}
|
||||
print(json.dumps(payload, ensure_ascii=False))
|
||||
|
||||
|
||||
def main() -> int:
|
||||
raw = sys.stdin.read()
|
||||
haystack = raw
|
||||
|
||||
try:
|
||||
data = json.loads(raw) if raw.strip() else {}
|
||||
except json.JSONDecodeError:
|
||||
data = {}
|
||||
|
||||
if data:
|
||||
haystack += "\n" + "\n".join(iter_strings(data))
|
||||
|
||||
for pattern, reason in DANGEROUS_PATTERNS:
|
||||
if re.search(pattern, haystack, flags=re.IGNORECASE | re.DOTALL):
|
||||
deny(reason)
|
||||
return 0
|
||||
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
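Review bot: The `Remove-Item` entry in `DANGEROUS_PATTERNS` does not match the usual spelling `Remove-Item <path> -Recurse -Force`. `\b` cannot match between a space and `-` because both are non-word characters, and the `\s-r\b` / `\s-f\b` alternatives sit outside the `.*`, so they only apply directly after `Remove-Item`. Grouping the alternation and using whitespace as the left delimiter fixes this, e.g. `r"\bRemove-Item\b(?=.*\s-r(?:ecurse)?\b)(?=.*\s-f(?:orce)?\b)"`. The `rm\s+-rf\b` entry is likewise tied to one flag order, so it is worth a comment above the list stating that this denylist is a best-effort tripwire, not a sandbox boundary.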
@@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Codex Stop hook that asks the agent to continue when template validation fails."""
|
||||
|
||||
import json
|
||||
import subprocess
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
|
||||
ROOT = Path(__file__).resolve().parents[2]
|
||||
|
||||
|
||||
def main() -> int:
|
||||
result = subprocess.run(
|
||||
[sys.executable, "scripts/validate_docs.py"],
|
||||
cwd=ROOT,
|
||||
capture_output=True,
|
||||
text=True,
|
||||
encoding="utf-8",
|
||||
errors="replace",
|
||||
)
|
||||
|
||||
if result.returncode == 0:
|
||||
return 0
|
||||
|
||||
details = "\n".join(part for part in [result.stdout.strip(), result.stderr.strip()] if part)
|
||||
payload = {
|
||||
"decision": "block",
|
||||
"reason": (
|
||||
"Document harness validation failed. Continue the turn, fix the listed "
|
||||
f"issues, and run `python scripts/validate_docs.py` again.\n\n{details}"
|
||||
),
|
||||
}
|
||||
print(json.dumps(payload, ensure_ascii=False))
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
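Review bot: `details` places the validator's full stdout and stderr into the `reason` string the agent is told to act on, with no length cap. If `scripts/validate_docs.py` echoes text from the documents it checks, that text reaches the agent as hook instructions. Capping it, e.g. `details = details[:4000]` (constructed limit), and labelling it as tool output in the message would contain both problems. The `subprocess.run` call also has no `timeout=`, so a hung validator stalls the Stop hook; passing a timeout and treating `subprocess.TimeoutExpired` as a failed validation would bound it.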