initial commit

2026-04-17 00:08:11 +09:00
parent 92f61ab30e
commit 0d5b982af8
28 changed files with 1695 additions and 1 deletions
--- a/.codex/hooks/pycache/pre_tool_use_policy.cpython-312.pyc
+++ b/.codex/hooks/pycache/pre_tool_use_policy.cpython-312.pyc
--- a/.codex/hooks/pycache/stop_continue.cpython-312.pyc
+++ b/.codex/hooks/pycache/stop_continue.cpython-312.pyc
--- a/.codex/hooks/pre_tool_use_policy.py
+++ b/.codex/hooks/pre_tool_use_policy.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+"""Block obviously destructive shell commands before Codex runs them."""
+
+from __future__ import annotations
+
+import json
+import re
+import sys
+
+
+BLOCK_PATTERNS = (
+    r"\brm\s+-rf\b",
+    r"\bgit\s+push\s+--force(?:-with-lease)?\b",
+    r"\bgit\s+reset\s+--hard\b",
+    r"\bDROP\s+TABLE\b",
+    r"\btruncate\s+table\b",
+    r"\bRemove-Item\b.*\b-Recurse\b",
+    r"\bdel\b\s+/s\b",
+)
+
+
+def main() -> int:
+    try:
+        payload = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        return 0
+
+    command = payload.get("tool_input", {}).get("command", "")
+    for pattern in BLOCK_PATTERNS:
+        if re.search(pattern, command, re.IGNORECASE):
+            json.dump(
+                {
+                    "hookSpecificOutput": {
+                        "hookEventName": "PreToolUse",
+                        "permissionDecision": "deny",
+                        "permissionDecisionReason": "Harness guardrail blocked a risky shell command.",
+                    }
+                },
+                sys.stdout,
+            )
+            return 0
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
--- a/.codex/hooks/stop_continue.py
+++ b/.codex/hooks/stop_continue.py
@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+"""Run repository validation when a Codex turn stops and request one more pass if it fails."""
+
+from __future__ import annotations
+
+import json
+import subprocess
+import sys
+from pathlib import Path
+
+
+def main() -> int:
+    try:
+        payload = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        return 0
+
+    if payload.get("stop_hook_active"):
+        return 0
+
+    root = Path(payload.get("cwd") or ".").resolve()
+    validator = root / "scripts" / "validate_workspace.py"
+    if not validator.exists():
+        return 0
+
+    result = subprocess.run(
+        [sys.executable, str(validator)],
+        cwd=root,
+        capture_output=True,
+        text=True,
+        timeout=240,
+    )
+
+    if result.returncode == 0:
+        return 0
+
+    summary = (result.stdout or result.stderr or "workspace validation failed").strip()
+    if len(summary) > 1200:
+        summary = summary[:1200].rstrip() + "..."
+
+    json.dump(
+        {
+            "decision": "block",
+            "reason": (
+                "Validation failed. Review the output, fix the repo, then continue.\n\n"
+                f"{summary}"
+            ),
+        },
+        sys.stdout,
+    )
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())