NINI
60 lines
1.7 KiB
Python
60 lines
1.7 KiB
Python
#!/usr/bin/env python3
|
|
"""Gemini CLI BeforeTool hook for obviously destructive shell commands."""
|
|
|
|
import json
|
|
import re
|
|
import sys
|
|
from typing import Any
|
|
|
|
|
|
DANGEROUS_PATTERNS = [
|
|
(r"\brm\s+-rf\b", "Recursive force deletion is blocked by the document harness."),
|
|
(
|
|
r"\bRemove-Item\b(?=.*\b-Recurse\b|\s-r\b)(?=.*\b-Force\b|\s-f\b)",
|
|
"PowerShell recursive force deletion is blocked by the document harness.",
|
|
),
|
|
(r"\bgit\s+reset\s+--hard\b", "Hard reset is blocked because it can discard user work."),
|
|
(r"\bgit\s+push\b.*\s--force(?:-with-lease)?\b", "Force push is blocked by the document harness."),
|
|
(r"\bDROP\s+TABLE\b", "Destructive database commands are blocked by the document harness."),
|
|
]
|
|
|
|
|
|
def iter_strings(value: Any):
|
|
if isinstance(value, str):
|
|
yield value
|
|
elif isinstance(value, dict):
|
|
for key, item in value.items():
|
|
yield str(key)
|
|
yield from iter_strings(item)
|
|
elif isinstance(value, list):
|
|
for item in value:
|
|
yield from iter_strings(item)
|
|
|
|
|
|
def emit(payload: dict) -> None:
|
|
print(json.dumps(payload, ensure_ascii=False))
|
|
|
|
|
|
def main() -> int:
|
|
raw = sys.stdin.read()
|
|
try:
|
|
data = json.loads(raw) if raw.strip() else {}
|
|
except json.JSONDecodeError:
|
|
data = {}
|
|
|
|
haystack = raw
|
|
if data:
|
|
haystack += "\n" + "\n".join(iter_strings(data.get("tool_input", data)))
|
|
|
|
for pattern, reason in DANGEROUS_PATTERNS:
|
|
if re.search(pattern, haystack, flags=re.IGNORECASE | re.DOTALL):
|
|
emit({"decision": "deny", "reason": reason, "suppressOutput": True})
|
|
return 0
|
|
|
|
emit({})
|
|
return 0
|
|
|
|
|
|
if __name__ == "__main__":
|
|
sys.exit(main())
|