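#!/bin/sh
# CoM Enterprise — PreToolUse Validation Hook
#
# Intercepts commands before execution and blocks dangerous patterns.
# Claude Code passes tool input as JSON on stdin.
# POSIX-compatible (works in Git Bash on Windows and native bash on Linux).
#
# Exit 0 = allow, Exit 2 = block. Every block path prints a "BLOCKED: ..."
# reason on stderr before exiting.
#
# Security notes:
#   - The checks are substring globs over the raw command text. They are a
#     guardrail against careless commands, not a sandbox: equivalent spellings
#     of a command are not all covered, and some arms are broader than their
#     message suggests (the "rm -rf /" arm matches any absolute path, the
#     ".git" arm also matches names such as .github). Keep least-privilege
#     tool permissions and human review as the actual control.
#   - The hook fails closed: if the command cannot be extracted (node missing,
#     stdin is not valid JSON), it blocks instead of allowing an unvalidated
#     command through.

# Print the reason on stderr and stop with the "block" exit status.
#   $1 - full message, including the "BLOCKED: " prefix
block() {
  printf '%s\n' "$1" >&2
  exit 2
}

# Read JSON input from stdin and extract the command field. Valid JSON with
# no command field yields an empty string (nothing to check, so it is
# allowed); unparsable input makes node exit non-zero so the hook can refuse.
INPUT=$(cat)
COMMAND=$(printf '%s' "$INPUT" | node -e '
let data = "";
process.stdin.on("data", (chunk) => { data += chunk; });
process.stdin.on("end", () => {
  try {
    const j = JSON.parse(data);
    const cmd = j.command || j.cmd || (j.tool_input && j.tool_input.command) || "";
    console.log(cmd);
  } catch (e) {
    process.exit(1);
  }
});
' 2>/dev/null) ||
  block "BLOCKED: Could not read the command from hook input (node missing or invalid JSON). Refusing to run unvalidated."

# Block pipe-to-shell patterns (supply chain attack vector)
case "$COMMAND" in
  *curl*\|*sh* | *curl*\|*bash* | *wget*\|*sh* | *wget*\|*bash*)
    block "BLOCKED: Pipe-to-shell detected. Download first, inspect, then execute."
    ;;
esac

# Block --no-verify (bypasses git hooks / safety checks)
case "$COMMAND" in
  *--no-verify*)
    block "BLOCKED: --no-verify bypasses safety hooks. Remove the flag or get explicit approval."
    ;;
esac

# Block insecure permission changes
case "$COMMAND" in
  *chmod\ 777* | *chmod\ -R\ 777*)
    block "BLOCKED: chmod 777 is world-writable. Use specific permissions (e.g., 755, 644)."
    ;;
esac

# Block destructive operations on critical paths
case "$COMMAND" in
  *rm\ -rf\ /*)
    block "BLOCKED: Recursive delete on root path. This is catastrophic."
    ;;
  *rm\ -rf\ .git* | *rm\ -rf\ .claude*)
    block "BLOCKED: Deleting project infrastructure (.git or .claude). Requires manual confirmation."
    ;;
  *rm\ -rf\ src/* | *rm\ -rf\ crates/* | *rm\ -rf\ core/*)
    block "BLOCKED: Recursive delete on source directories. Requires explicit approval."
    ;;
esac

# Block disk-destroying commands
case "$COMMAND" in
  *dd\ if=/dev/zero* | *mkfs*)
    block "BLOCKED: Disk formatting / overwrite command detected."
    ;;
esac

# Block force-push (any branch). --force-with-lease is the alternative the
# message recommends, so it and its companion flag --force-if-includes are
# removed from a scratch copy before matching; otherwise the recommended
# command would itself be blocked by the "--force" prefix match. A plain
# --force / -f directly after "git push" is still caught once those flags
# are stripped. If sed is unavailable, fall back to the raw command, which
# is the stricter behaviour.
PUSH_CHECK=$(printf '%s' "$COMMAND" |
  sed -e 's/ --force-with-lease//g' -e 's/ --force-if-includes//g') ||
  PUSH_CHECK=$COMMAND
case "$PUSH_CHECK" in
  *git\ push\ --force* | *git\ push\ -f*)
    block "BLOCKED: Force-push detected. Use --force-with-lease or get explicit approval."
    ;;
esac

# Block Windows-specific destructive operations
case "$COMMAND" in
  *powershell*Remove-Item*-Recurse*-Force*C:\\* | *powershell*Remove-Item*-Recurse*-Force*X:\\*)
    block "BLOCKED: PowerShell recursive force-delete on system drive."
    ;;
  *powershell*Set-ExecutionPolicy*Unrestricted*)
    block "BLOCKED: Setting unrestricted execution policy. Use RemoteSigned or AllSigned."
    ;;
  *reg*delete*HKLM* | *reg*delete*HKCU*)
    block "BLOCKED: Registry deletion. Requires explicit approval."
    ;;
  *bcdedit* | *bcdboot*)
    block "BLOCKED: Boot configuration modification. Requires explicit approval."
    ;;
  *netsh*advfirewall*set*state*off*)
    block "BLOCKED: Disabling Windows Firewall. Requires explicit approval."
    ;;
esac

# Block credential exposure patterns. These globs are loose (any command text
# containing "cat" followed later by ".env" matches), so expect some false
# positives; that is the safer direction for this check.
case "$COMMAND" in
  *cat*.env* | *type*.env* | *echo*TOKEN* | *echo*SECRET* | *echo*PASSWORD*)
    block "BLOCKED: Potential credential exposure to stdout. Use env vars instead."
    ;;
esac

# All checks passed
exit 0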