npx claudepluginhub maguire-murphy/pre-deploy-checklist --plugin pre-deploy-checklistDefined in hooks/hooks.json
Bashecho "${TOOL_INPUT_COMMAND}" | grep -qE 'supabase.*db.*push' && echo "${TOOL_INPUT_COMMAND}" | grep -qvE 'staging|dev|preview|local' && echo '{"feedback": "⚠️ Migration push detected — verify this is not production."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; echo "$f" | grep -qE '(api/|actions/).*\.ts' && ! grep -qE '(from.*zod|require.*zod|\.parse\(|\.safeParse\()' "$f" 2>/dev/null && grep -qE '(POST|PUT|PATCH|DELETE|use server)' "$f" 2>/dev/null && echo '{"feedback": "⚠️ Mutation endpoint without Zod validation."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; grep -qiE 'NEXT_PUBLIC_.*SERVICE_ROLE|NEXT_PUBLIC_.*SECRET' "$f" 2>/dev/null && echo '{"feedback": "🔴 Sensitive key exposed with NEXT_PUBLIC_ prefix."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; grep -qE 'Access-Control-Allow-Origin.*\*' "$f" 2>/dev/null && echo '{"feedback": "⚠️ CORS wildcard origin detected. Use explicit allowlist."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; echo "$f" | grep -qE '(components/|app/.*page\.|app/.*layout\.)' && grep -qiE 'service_role' "$f" 2>/dev/null && echo '{"feedback": "🔴 service_role key referenced in client-side file. This key bypasses RLS and must never be exposed to the browser."}' || trueRuns bash pre-tool-check.sh before and post-tool-audit.sh after Bash|Write|Edit|NotebookEdit|mcp__ tools. PreToolUse enables blocking; touches bash execution and file writes.
Share bugs, ideas, or general feedback.