Add Claude Code hooks and new-credential skill
Hooks: - PreToolUse: block direct edits to credential files (99-claude, etc.) - PostToolUse: auto-run shellcheck after editing bash.d scripts Skill: - /new-credential: scaffolds a credential file pair (.example template + real file), adds to .gitignore, sets permissions Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
2b747b6945
commit
ed82cebd16
4 changed files with 130 additions and 0 deletions
23
.claude/hooks/block-credential-edit.sh
Executable file
23
.claude/hooks/block-credential-edit.sh
Executable file
|
|
@ -0,0 +1,23 @@
|
|||
#!/bin/bash
|
||||
# PreToolUse hook: block direct edits to credential files.
|
||||
# Only .example templates should be modified — real secrets stay untouched.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
input=$(cat)
|
||||
file_path=$(echo "$input" | jq -r '.tool_input.file_path // empty')
|
||||
|
||||
# No file path in input (e.g. Bash tool) — allow
|
||||
[[ -z "$file_path" ]] && exit 0
|
||||
|
||||
basename=$(basename "$file_path")
|
||||
|
||||
# Block known credential files (but allow .example templates)
|
||||
case "$basename" in
|
||||
99-claude|99-gemini|99-google|99-huggingface|99-replicate)
|
||||
echo "Blocked: do not edit credential files directly — edit the .example template instead" >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
Loading…
Add table
Add a link
Reference in a new issue