init claude-code
This commit is contained in:
@@ -0,0 +1,102 @@
|
||||
/**
|
||||
* Detects potentially destructive bash commands and returns a warning string
|
||||
* for display in the permission dialog. This is purely informational — it
|
||||
* doesn't affect permission logic or auto-approval.
|
||||
*/
|
||||
|
||||
type DestructivePattern = {
|
||||
pattern: RegExp
|
||||
warning: string
|
||||
}
|
||||
|
||||
const DESTRUCTIVE_PATTERNS: DestructivePattern[] = [
|
||||
// Git — data loss / hard to reverse
|
||||
{
|
||||
pattern: /\bgit\s+reset\s+--hard\b/,
|
||||
warning: 'Note: may discard uncommitted changes',
|
||||
},
|
||||
{
|
||||
pattern: /\bgit\s+push\b[^;&|\n]*[ \t](--force|--force-with-lease|-f)\b/,
|
||||
warning: 'Note: may overwrite remote history',
|
||||
},
|
||||
{
|
||||
pattern:
|
||||
/\bgit\s+clean\b(?![^;&|\n]*(?:-[a-zA-Z]*n|--dry-run))[^;&|\n]*-[a-zA-Z]*f/,
|
||||
warning: 'Note: may permanently delete untracked files',
|
||||
},
|
||||
{
|
||||
pattern: /\bgit\s+checkout\s+(--\s+)?\.[ \t]*($|[;&|\n])/,
|
||||
warning: 'Note: may discard all working tree changes',
|
||||
},
|
||||
{
|
||||
pattern: /\bgit\s+restore\s+(--\s+)?\.[ \t]*($|[;&|\n])/,
|
||||
warning: 'Note: may discard all working tree changes',
|
||||
},
|
||||
{
|
||||
pattern: /\bgit\s+stash[ \t]+(drop|clear)\b/,
|
||||
warning: 'Note: may permanently remove stashed changes',
|
||||
},
|
||||
{
|
||||
pattern:
|
||||
/\bgit\s+branch\s+(-D[ \t]|--delete\s+--force|--force\s+--delete)\b/,
|
||||
warning: 'Note: may force-delete a branch',
|
||||
},
|
||||
|
||||
// Git — safety bypass
|
||||
{
|
||||
pattern: /\bgit\s+(commit|push|merge)\b[^;&|\n]*--no-verify\b/,
|
||||
warning: 'Note: may skip safety hooks',
|
||||
},
|
||||
{
|
||||
pattern: /\bgit\s+commit\b[^;&|\n]*--amend\b/,
|
||||
warning: 'Note: may rewrite the last commit',
|
||||
},
|
||||
|
||||
// File deletion (dangerous paths already handled by checkDangerousRemovalPaths)
|
||||
{
|
||||
pattern:
|
||||
/(^|[;&|\n]\s*)rm\s+-[a-zA-Z]*[rR][a-zA-Z]*f|(^|[;&|\n]\s*)rm\s+-[a-zA-Z]*f[a-zA-Z]*[rR]/,
|
||||
warning: 'Note: may recursively force-remove files',
|
||||
},
|
||||
{
|
||||
pattern: /(^|[;&|\n]\s*)rm\s+-[a-zA-Z]*[rR]/,
|
||||
warning: 'Note: may recursively remove files',
|
||||
},
|
||||
{
|
||||
pattern: /(^|[;&|\n]\s*)rm\s+-[a-zA-Z]*f/,
|
||||
warning: 'Note: may force-remove files',
|
||||
},
|
||||
|
||||
// Database
|
||||
{
|
||||
pattern: /\b(DROP|TRUNCATE)\s+(TABLE|DATABASE|SCHEMA)\b/i,
|
||||
warning: 'Note: may drop or truncate database objects',
|
||||
},
|
||||
{
|
||||
pattern: /\bDELETE\s+FROM\s+\w+[ \t]*(;|"|'|\n|$)/i,
|
||||
warning: 'Note: may delete all rows from a database table',
|
||||
},
|
||||
|
||||
// Infrastructure
|
||||
{
|
||||
pattern: /\bkubectl\s+delete\b/,
|
||||
warning: 'Note: may delete Kubernetes resources',
|
||||
},
|
||||
{
|
||||
pattern: /\bterraform\s+destroy\b/,
|
||||
warning: 'Note: may destroy Terraform infrastructure',
|
||||
},
|
||||
]
|
||||
|
||||
/**
|
||||
* Checks if a bash command matches known destructive patterns.
|
||||
* Returns a human-readable warning string, or null if no destructive pattern is detected.
|
||||
*/
|
||||
export function getDestructiveCommandWarning(command: string): string | null {
|
||||
for (const { pattern, warning } of DESTRUCTIVE_PATTERNS) {
|
||||
if (pattern.test(command)) {
|
||||
return warning
|
||||
}
|
||||
}
|
||||
return null
|
||||
}
|
||||
Reference in New Issue
Block a user