initial commit

.codex/hooks/pre_tool_use_policy.py

@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+"""Block obviously destructive shell commands before Codex runs them."""
+
+from __future__ import annotations
+
+import json
+import re
+import sys
+
+
+BLOCK_PATTERNS = (
+    r"\brm\s+-rf\b",
+    r"\bgit\s+push\s+--force(?:-with-lease)?\b",
+    r"\bgit\s+reset\s+--hard\b",
+    r"\bDROP\s+TABLE\b",
+    r"\btruncate\s+table\b",
+    r"\bRemove-Item\b.*\b-Recurse\b",
+    r"\bdel\b\s+/s\b",
+)
+
+
+def main() -> int:
+    try:
+        payload = json.load(sys.stdin)
+    except json.JSONDecodeError:
+        return 0
+
+    command = payload.get("tool_input", {}).get("command", "")
+    for pattern in BLOCK_PATTERNS:
+        if re.search(pattern, command, re.IGNORECASE):
+            json.dump(
+                {
+                    "hookSpecificOutput": {
+                        "hookEventName": "PreToolUse",
+                        "permissionDecision": "deny",
+                        "permissionDecisionReason": "Harness guardrail blocked a risky shell command.",
+                    }
+                },
+                sys.stdout,
+            )
+            return 0
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())