FESADev/.codex/hooks/pre_tool_use_policy.py
2026-05-01 02:29:30 +09:00


#!/usr/bin/env python3
"""Block obviously destructive shell commands before Codex runs them."""
from __future__ import annotations
import json
import re
import sys
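# Regexes matched case-insensitively against the shell command a tool call is
# about to run; any hit causes the hook to deny the call.
#
# This is a denylist: it catches common spellings of destructive commands, not
# every equivalent form. Treat it as a guardrail against accidents and keep the
# real containment (sandboxing, least-privilege credentials, protected branches)
# elsewhere.
BLOCK_PATTERNS = (
    # rm with recursive + force in a single flag cluster (-rf, -fr, -Rfv, ...).
    r"\brm\s+-rf\b",
    r"\brm\s+.*-[a-zA-Z]*r[a-zA-Z]*f\b",
    r"\brm\s+.*-[a-zA-Z]*f[a-zA-Z]*r\b",
    # rm with recursive and force given as separate flags or long options
    # (-r -f, --recursive --force, -r --force), in either order.
    r"\brm\b(?=.*\s(?:--recursive|-[a-zA-Z]*r[a-zA-Z]*)\b)"
    r"(?=.*\s(?:--force|-[a-zA-Z]*f[a-zA-Z]*)\b)",
    # Force push: flag directly after "push", or anywhere later on the line
    # (e.g. after the remote and branch), including the short -f form.
    r"\bgit\s+push\s+--force(?:-with-lease)?\b",
    r"\bgit\s+push\b.*\s(?:--force(?:-with-lease)?|-f)\b",
    r"\bgit\s+reset\s+--hard\b",
    # git clean with both f and d in one cluster, in either order.
    r"\bgit\s+clean\s+-[a-zA-Z]*f[a-zA-Z]*d\b",
    r"\bgit\s+clean\s+-[a-zA-Z]*d[a-zA-Z]*f\b",
    r"\bDROP\s+TABLE\b",
    r"\btruncate\s+table\b",
    # No \b before "-Recurse"/"-Force": "-" is a non-word character, so a word
    # boundary there only exists when the flag directly follows a word
    # character. With the usual space before the flag the \b form never matched.
    r"\bRemove-Item\b.*-Recurse\b",
    r"\bRemove-Item\b.*-Force\b.*-Recurse\b",
    r"\bdel\b\s+/s\b",
    r"\brd\b\s+/s\b",
    r"\brmdir\b\s+/s\b",
)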
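def main() -> int:
    """Read a PreToolUse hook payload from stdin and deny blocked commands.

    The payload is parsed as JSON, the command is taken from
    ``tool_input.command`` and searched case-insensitively against every
    entry in ``BLOCK_PATTERNS``. On the first match a JSON object with
    ``permissionDecision: "deny"`` is written to stdout.

    Returns:
        Always 0; the decision is carried by the JSON written to stdout,
        not by the exit status.
    """
    try:
        payload = json.load(sys.stdin)
    except json.JSONDecodeError:
        # NOTE(review): an unparseable payload is let through (fail-open).
        # If the harness honours a deny object or a non-zero exit here,
        # denying would be the safer default; confirm against the hook contract.
        return 0

    # Valid JSON is not necessarily an object: guard each level so a list,
    # string or null payload cannot crash the hook with AttributeError.
    tool_input = payload.get("tool_input") if isinstance(payload, dict) else None
    command = tool_input.get("command", "") if isinstance(tool_input, dict) else ""

    # presumably the command is a single shell string; if a harness sends an
    # argv-style list instead, scan the joined form rather than raising
    # TypeError inside re.search. TODO confirm the payload schema.
    if isinstance(command, (list, tuple)):
        command = " ".join(str(part) for part in command)
    if not isinstance(command, str):
        return 0

    if any(re.search(pattern, command, re.IGNORECASE) for pattern in BLOCK_PATTERNS):
        json.dump(
            {
                "hookSpecificOutput": {
                    "hookEventName": "PreToolUse",
                    "permissionDecision": "deny",
                    "permissionDecisionReason": "Harness guardrail blocked a risky shell command.",
                }
            },
            sys.stdout,
        )
    return 0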
# Script entry point: run the hook and use main()'s return value as the
# process exit status.
if __name__ == "__main__":
    sys.exit(main())