Stats
Actions
Tags
From safety-essentials
Blocks file writes and bash commands until a 'springfield hook-guard' check passes, enforcing a pre-commit guard on every Write/Edit/Bash call. Runs bash, modifies files.
1 event · 5 hooks
Safety signals detected in this hook configuration
Where this hook configuration is defined
Defined inline in plugin.json manifest
Event handlers and matchers — expand Raw Configuration for the full JSON
BashINPUT=$(cat); CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z "$CMD" ] && exit 0; if echo "$CMD" | grep -qE 'rm\s+-r(f|F)|rm\s+-(f|F)r|rm\s+--force.*-r|rm\s+-r.*--force'; then echo 'BLOCKED: rm -rf detected. Use git clean or manual deletion instead.' >&2; exit 2; fiBashINPUT=$(cat); CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z "$CMD" ] && exit 0; if echo "$CMD" | grep -qE 'git\s+push.*--force|git\s+push.*-f\b'; then echo 'BLOCKED: Force push detected. Use --force-with-lease or push normally.' >&2; exit 2; fiBashINPUT=$(cat); CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z "$CMD" ] && exit 0; if echo "$CMD" | grep -qE 'git\s+reset\s+--hard'; then echo 'BLOCKED: git reset --hard discards uncommitted changes. Use git stash instead.' >&2; exit 2; fiWriteINPUT=$(cat); FILE=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty' 2>/dev/null); [ -z "$FILE" ] && exit 0; if echo "$FILE" | grep -qE '\.env$|\.env\.'; then echo "BLOCKED: Writing to environment file: $FILE" >&2; exit 2; fiBashINPUT=$(cat); CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null); [ -z "$CMD" ] && exit 0; if echo "$CMD" | grep -qE 'npm\s+publish|yarn\s+publish'; then echo 'BLOCKED: Package publish requires manual execution.' >&2; exit 2; finpx claudepluginhub gaebalai/cc-guard --plugin safety-essentials