#!/bin/bash
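# Prompt-guard hook: reads one JSON payload from stdin, extracts the prompt
# text and prints a JSON verdict on stdout. Every path exits with status 0;
# a block is expressed only through the printed "decision" field.
#
# NOTE(review): this is a keyword denylist over free text. It catches obvious
# phrasing only and should not be the sole control in front of destructive
# actions; enforce those at the tool/permission layer as well.

INPUT=$(cat)

#######################################
# Print the value of the string field named $1 from the first line of INPUT
# that contains one.
# The value pattern accepts backslash escapes, so a prompt containing \" is
# captured in full instead of being cut at the first embedded quote (which
# would hide the remainder of the text from the checks below). Escape
# sequences are left undecoded; a real JSON parser is the better tool when
# one can be assumed to be installed.
# Globals:   INPUT (read)
# Arguments: $1 - field name; only fixed names from this script are passed,
#                 so it is safe to splice into the sed expression
# Outputs:   the raw field value on stdout, or nothing when absent
#######################################
extract_field() {
  local key=$1
  printf '%s\n' "$INPUT" \
    | sed -nE 's/.*"'"$key"'"[[:space:]]*:[[:space:]]*"(([^"\\]|\\.)*)".*/\1/p' \
    | head -n 1
}

# Case-insensitive literal substring test against PROMPT. -F keeps a pattern
# from being read as a regex and -- keeps it from being read as an option.
prompt_contains() {
  grep -qiF -- "$1" <<<"$PROMPT"
}

# Case-insensitive extended-regex test against PROMPT.
prompt_matches() {
  grep -qiE -- "$1" <<<"$PROMPT"
}

# Prefer "user_prompt"; fall back to "prompt" when it is missing or empty.
PROMPT=$(extract_field user_prompt)
if [[ -z "$PROMPT" ]]; then
  PROMPT=$(extract_field prompt)
fi

# No prompt could be extracted (empty or unexpected payload): allow.
# NOTE(review): this fails open. A payload shape the extraction above does
# not understand passes unchecked; confirm that is the intended policy.
if [[ -z "$PROMPT" ]]; then
  exit 0
fi

# Phrases that block the prompt outright (matched as literal substrings).
DANGEROUS_PATTERNS=(
  "rm -rf /"
  "delete database"
  "drop database"
  "format disk"
  "dd if="
)
readonly DANGEROUS_PATTERNS

for pattern in "${DANGEROUS_PATTERNS[@]}"; do
  if prompt_contains "$pattern"; then
    # Only the fixed pattern is echoed back, never the prompt itself, so the
    # emitted JSON cannot be broken by prompt content.
    printf '{"decision": "block", "reason": "Dangerous operation detected: %s"}' "$pattern"
    exit 0
  fi
done

# Production deploy/push requests need the approval marker file.
# NOTE(review): the marker is looked up relative to the current working
# directory and is an ordinary file, so anything able to write there can
# create it. Treat it as a speed bump, not as authorization.
if prompt_matches '(deploy|push).*production' && [[ ! -f ".deployment-approved" ]]; then
  echo '{"decision": "block", "reason": "Production deployment requires approval. Create .deployment-approved file to proceed."}'
  exit 0
fi

# Advisory only: a refactoring request in a tree with neither tests/ nor
# test/ adds a warning to the context but does not block.
if prompt_contains "refactor" && [[ ! -d "tests" && ! -d "test" ]]; then
  printf '%s' '{"additionalContext": "Warning: Refactoring without tests may be risky. Consider writing tests first."}'
fi

exit 0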