diff --git a/hooks/hooks.json b/hooks/hooks.json index a24d2ae..0f0066d 100644 --- a/hooks/hooks.json +++ b/hooks/hooks.json @@ -1,24 +1,26 @@ { - "hooks": [ - { - "event": "PreToolUse", - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/validate-cloud-command.py" - } - ] - }, - { - "event": "SessionStart", - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "echo '{\"hookSpecificOutput\":{\"hookEventName\":\"SessionStart\",\"contextForAgent\":\"DeployShield is active. Write/mutating operations are blocked for: cloud CLIs (aws, gcloud, az, kubectl, helm, terraform, pulumi), database CLIs (psql, mysql, mongosh, redis-cli), IaC tools (cdk, sam, serverless, ansible-playbook), secrets (vault), GitHub CLI (gh), container runtimes (docker, podman), and package publishing (npm/yarn/pnpm publish, twine, gem, cargo). Only read-only commands are allowed. Suggest --dry-run flags and terraform plan instead of terraform apply where appropriate.\"}}'" - } - ] - } - ] + "hooks": { + "PreToolUse": [ + { + "matcher": "Bash", + "hooks": [ + { + "type": "command", + "command": "${CLAUDE_PLUGIN_ROOT}/hooks/scripts/validate-cloud-command.py" + } + ] + } + ], + "SessionStart": [ + { + "matcher": "*", + "hooks": [ + { + "type": "command", + "command": "echo '{\"hookSpecificOutput\":{\"hookEventName\":\"SessionStart\",\"contextForAgent\":\"DeployShield is active. Write/mutating operations are blocked for: cloud CLIs (aws, gcloud, az, kubectl, helm, terraform, pulumi), database CLIs (psql, mysql, mongosh, redis-cli), IaC tools (cdk, sam, serverless, ansible-playbook), secrets (vault), GitHub CLI (gh), container runtimes (docker, podman), and package publishing (npm/yarn/pnpm publish, twine, gem, cargo). Only read-only commands are allowed. Suggest --dry-run flags and terraform plan instead of terraform apply where appropriate.\"}}'" + } + ] + } + ] + } }