Stats
Actions
Tags
From pre-deploy-checklist
Enforces delegation rules before file writes and bash commands, then surfaces progress after bash execution. Uses bash scripts to manage operation flow.
2 events · 5 hooks
Safety signals detected in this hook configuration
Where this hook configuration is defined
Defined in hooks/hooks.json
Event handlers and matchers — expand Raw Configuration for the full JSON
Bashecho "${TOOL_INPUT_COMMAND}" | grep -qE 'supabase.*db.*push' && echo "${TOOL_INPUT_COMMAND}" | grep -qvE 'staging|dev|preview|local' && echo '{"feedback": "⚠️ Migration push detected — verify this is not production."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; echo "$f" | grep -qE '(api/|actions/).*\.ts' && ! grep -qE '(from.*zod|require.*zod|\.parse\(|\.safeParse\()' "$f" 2>/dev/null && grep -qE '(POST|PUT|PATCH|DELETE|use server)' "$f" 2>/dev/null && echo '{"feedback": "⚠️ Mutation endpoint without Zod validation."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; grep -qiE 'NEXT_PUBLIC_.*SERVICE_ROLE|NEXT_PUBLIC_.*SECRET' "$f" 2>/dev/null && echo '{"feedback": "🔴 Sensitive key exposed with NEXT_PUBLIC_ prefix."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; grep -qE 'Access-Control-Allow-Origin.*\*' "$f" 2>/dev/null && echo '{"feedback": "⚠️ CORS wildcard origin detected. Use explicit allowlist."}' || trueWritef="${TOOL_INPUT_FILE_PATH}"; echo "$f" | grep -qE '(components/|app/.*page\.|app/.*layout\.)' && grep -qiE 'service_role' "$f" 2>/dev/null && echo '{"feedback": "🔴 service_role key referenced in client-side file. This key bypasses RLS and must never be exposed to the browser."}' || truenpx claudepluginhub maguire-murphy/pre-deploy-checklist --plugin pre-deploy-checklist