Initial commit

hooks/user-prompt-submit.sh

@@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+# Auto-approve Hook with Safety Guards
+# Automatically approves all tool uses EXCEPT dangerous operations
+#
+# This hook enables autonomous operation while preventing destructive actions
+
+set -euo pipefail
+
+# Read JSON input from stdin
+INPUT_JSON=$(cat)
+
+# Extract tool details from JSON
+TOOL_NAME=$(echo "$INPUT_JSON" | jq -r '.tool_name // empty' 2>/dev/null || echo "")
+TOOL_PARAMS=$(echo "$INPUT_JSON" | jq -c '.tool_input // {}' 2>/dev/null || echo "{}")
+
+# List of dangerous operations to block
+DANGEROUS_PATTERNS=(
+    # File deletion
+    "rm -rf /"
+    "rm -rf ~"
+    "rm -rf \*"
+    "rm -rf ."
+    "sudo rm -rf"
+
+    # Disk operations
+    "dd if="
+    "mkfs"
+    "fdisk"
+
+    # System modifications
+    "sudo shutdown"
+    "sudo reboot"
+    "sudo halt"
+    "sudo poweroff"
+
+    # Package manager dangerous operations
+    "sudo apt-get remove"
+    "sudo apt remove"
+    "sudo yum remove"
+    "brew uninstall"
+
+    # Git destructive operations
+    "git push --force"
+    "git push -f"
+    "git reset --hard HEAD~"
+
+    # Database drops
+    "DROP DATABASE"
+    "DROP TABLE"
+
+    # Permission changes
+    "chmod 777"
+    "chmod -R 777"
+)
+
+# Check if this is a Bash tool use
+if [ "$TOOL_NAME" = "Bash" ]; then
+    # Extract the command from TOOL_PARAMS
+    COMMAND=$(echo "$TOOL_PARAMS" | jq -r '.command // empty' 2>/dev/null || echo "")
+
+    if [ -n "$COMMAND" ]; then
+        # Check against dangerous patterns
+        for pattern in "${DANGEROUS_PATTERNS[@]}"; do
+            if echo "$COMMAND" | grep -qF "$pattern"; then
+                # Block dangerous command
+                echo "🛑 BLOCKED: Dangerous command detected: $pattern"
+                echo "Command: $COMMAND"
+                echo ""
+                echo "This command has been blocked for safety."
+                echo "If you need to run this, please do it manually."
+                exit 1
+            fi
+        done
+
+        # Additional checks for rm with recursive flag
+        if echo "$COMMAND" | grep -qE "rm\s+.*-[rf].*\s*/"; then
+            echo "🛑 BLOCKED: Potentially dangerous rm command with root path"
+            echo "Command: $COMMAND"
+            exit 1
+        fi
+
+        # Check for rm of important directories
+        if echo "$COMMAND" | grep -qE "rm\s+.*-[rf].*\s+(bin|usr|etc|var|lib|boot|sys|proc|dev|home)"; then
+            echo "🛑 BLOCKED: Attempting to delete system directory"
+            echo "Command: $COMMAND"
+            exit 1
+        fi
+    fi
+fi
+
+# Check for Edit/Write operations on critical system files
+if [ "$TOOL_NAME" = "Edit" ] || [ "$TOOL_NAME" = "Write" ]; then
+    FILE_PATH=$(echo "$TOOL_PARAMS" | jq -r '.file_path // empty' 2>/dev/null || echo "")
+
+    if [ -n "$FILE_PATH" ]; then
+        # Block modifications to critical system files
+        CRITICAL_PATHS=(
+            "/etc/passwd"
+            "/etc/shadow"
+            "/etc/sudoers"
+            "/etc/hosts"
+            "/boot/"
+            "/sys/"
+            "/proc/"
+        )
+
+        for path in "${CRITICAL_PATHS[@]}"; do
+            if echo "$FILE_PATH" | grep -qF "$path"; then
+                echo "🛑 BLOCKED: Attempting to modify critical system file"
+                echo "File: $FILE_PATH"
+                exit 1
+            fi
+        done
+    fi
+fi
+
+# Auto-approve all other operations
+# No output means approval (hook succeeds)
+exit 0