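#!/usr/bin/env python3
"""Block obviously destructive shell commands before Codex runs them.

Reads a PreToolUse hook payload as JSON on stdin, looks up
``tool_input.command`` and tests it against ``BLOCK_PATTERNS``.  On the first
match it writes a ``deny`` permission decision as JSON to stdout.  The process
exit status is 0 in every case.

This is a best-effort denylist for obvious mistakes, not a security boundary:
a regex over the command text cannot recognise every equivalent spelling of a
destructive command.  Keep sandboxing and least-privilege credentials as the
actual control and treat this hook as a seat belt on top of them.
"""

from __future__ import annotations

import json
import re
import sys

# Each pattern is searched case-insensitively anywhere in the command text.
# Every pattern matches at least what the previous revision of it matched.
BLOCK_PATTERNS = (
    # rm with a single flag cluster holding both r and f, in either order
    # (-rf, -fr, -Rf, -rfv, ...).
    r"\brm\s+-[a-z]*(?:r[a-z]*f|f[a-z]*r)[a-z]*\b",
    # Forced push with the flag anywhere in the same simple command, so that
    # "git push origin main --force" and "-f" are caught, without reaching
    # past a ';', '&' or '|' into a following command.
    r"\bgit\s+push\b[^;&|\n]*?\s+(?:--force(?:-with-lease)?|-f)\b",
    r"\bgit\s+reset\s+--hard\b",
    r"\bDROP\s+TABLE\b",
    r"\btruncate\s+table\b",
    # No \b in front of "-Recurse": the flag normally follows a space, and
    # there is no word boundary between a space and "-", so the earlier
    # "\b-Recurse" form could not match "Remove-Item <path> -Recurse".
    r"\bRemove-Item\b.*-Recurse\b",
    # del /s, also when other switches (/q, /f) come first.
    r"\bdel\b(?:\s+/\w+)*?\s+/s\b",
)

# Compiled once at import; the hook runs as a short-lived process per call.
_COMPILED_PATTERNS = tuple(re.compile(p, re.IGNORECASE) for p in BLOCK_PATTERNS)

_DENY_DECISION = {
    "hookSpecificOutput": {
        "hookEventName": "PreToolUse",
        "permissionDecision": "deny",
        "permissionDecisionReason": "Harness guardrail blocked a risky shell command.",
    }
}


def _command_text(payload: object) -> str:
    """Return the command string from a hook payload, or "" if there is none."""
    if not isinstance(payload, dict):
        return ""
    tool_input = payload.get("tool_input")
    if not isinstance(tool_input, dict):
        return ""
    command = tool_input.get("command", "")
    if isinstance(command, str):
        return command
    # NOTE(review): assumes a harness may send the command as an argv list;
    # joining keeps the patterns applicable. Confirm against the hook schema.
    if isinstance(command, (list, tuple)):
        return " ".join(str(part) for part in command)
    return ""


def _is_blocked(command: str) -> bool:
    """Return True when any block pattern occurs in *command*."""
    return any(pattern.search(command) for pattern in _COMPILED_PATTERNS)


def main() -> int:
    """Run the hook: read the payload on stdin, emit a deny decision on a match.

    Returns:
        Always 0. A denial is signalled through the JSON written to stdout,
        not through the exit status.
    """
    try:
        payload = json.load(sys.stdin)
    except ValueError:
        # Covers json.JSONDecodeError and undecodable input bytes.
        # NOTE(review): unreadable input is allowed through (fail-open), as
        # before. Confirm that this is the intended policy for the harness.
        return 0

    if _is_blocked(_command_text(payload)):
        json.dump(_DENY_DECISION, sys.stdout)
    return 0


if __name__ == "__main__":
    raise SystemExit(main())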