Stats
Actions
Tags
From git-protection
Blocks Bash commands that attempt to create GitHub releases or lightweight tags, enforcing release workflow policies. Runs Python scripts on every Bash tool call.
1 event · 5 hooks
Safety signals detected in this hook configuration
Where this hook configuration is defined
Defined inline in plugin.json manifest
Event handlers and matchers — expand Raw Configuration for the full JSON
BashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'git\s+push.*--force|git\s+push.*-f\b'; then echo 'BLOCKED: Force push. Use --force-with-lease for safer alternative.' >&2; exit 2; fiBashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'git\s+push\s+(origin\s+)?(main|master)\b'; then echo 'BLOCKED: Direct push to main/master. Use a feature branch and PR.' >&2; exit 2; fiBashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'git\s+reset\s+--hard'; then echo 'BLOCKED: git reset --hard. Use git stash or git reset --soft.' >&2; exit 2; fiBashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'git\s+clean\s+-fd|git\s+clean\s+-f'; then echo 'BLOCKED: git clean removes untracked files permanently. Review with git clean -n first.' >&2; exit 2; fiBashCMD=$(echo "$CC_TOOL_INPUT" | jq -r '.command' 2>/dev/null); if echo "$CMD" | grep -qE 'git\s+branch\s+-D'; then echo 'BLOCKED: Force branch deletion. Use -d (safe delete) instead of -D.' >&2; exit 2; finpx claudepluginhub yurukusa/cc-safe-setup --plugin git-protection