Add .claude/hooks for command auditing, dangerous command blocking, file protection, and auto-formatting; update documentation and configuration to integrate new hooks.

2026-02-14 21:22:27 +02:00
parent 5b28ea675d
commit 6d2eef5317
8 changed files with 227 additions and 0 deletions
--- a/.claude/hooks/protect-files.sh
+++ b/.claude/hooks/protect-files.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Protect sensitive files from accidental edits
+# Event: PreToolUse | Matcher: Edit|Write
+# Exit 2 = block, Exit 0 = allow
+
+INPUT=$(cat)
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty')
+
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+PROTECTED_PATTERNS=(
+  ".env"
+  ".env.local"
+  ".env.production"
+  "package-lock.json"
+  "pnpm-lock.yaml"
+  "yarn.lock"
+  ".git/"
+  ".git/config"
+  "id_rsa"
+  "id_ed25519"
+  ".pem"
+)
+
+for pattern in "${PROTECTED_PATTERNS[@]}"; do
+  if [[ "$FILE_PATH" == *"$pattern"* ]]; then
+    echo "Blocked: editing '$FILE_PATH' — matches protected pattern '$pattern'" >&2
+    exit 2
+  fi
+done
+
+exit 0