diff options
| author | Craig Jennings <c@cjennings.net> | 2026-03-29 16:27:59 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-03-29 16:27:59 -0500 |
| commit | f894e07ea3c39620e37245f1e1bf829e853bbe5b (patch) | |
| tree | 1ddfd779e37b53e397ec67e3796ad7933eeb7d21 /hooks | |
| parent | 861bab677b4632e9d30e6318bc2a35c36ee77105 (diff) | |
| download | rulesets-f894e07ea3c39620e37245f1e1bf829e853bbe5b.tar.gz rulesets-f894e07ea3c39620e37245f1e1bf829e853bbe5b.zip | |
Add hooks settings.json with install-hooks target
Hooks provide:
- PostEditTool: ruff format/check on Python, terraform fmt on .tf
- PreCommit: block commits containing hardcoded secrets (AWS keys, API tokens, passwords)
Install per-project with: make install-hooks TARGET=/path/to/project
Won't overwrite existing settings.json — shows diff command instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Diffstat (limited to 'hooks')
| -rw-r--r-- | hooks/settings.json | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/hooks/settings.json b/hooks/settings.json new file mode 100644 index 0000000..50fdf09 --- /dev/null +++ b/hooks/settings.json @@ -0,0 +1,19 @@ +{ + "hooks": { + "PostEditTool": [ + { + "matcher": "**/*.py", + "command": "ruff format $FILE && ruff check --fix $FILE" + }, + { + "matcher": "**/*.tf", + "command": "terraform fmt $FILE" + } + ], + "PreCommit": [ + { + "command": "! grep -rn --include='*.py' --include='*.ts' --include='*.tsx' --include='*.tf' --include='*.yml' --include='*.yaml' -E '(AKIA[0-9A-Z]{16}|sk-[a-zA-Z0-9]{20,}|password\\s*=\\s*[\"'\\'']{1}[^\"'\\'']+[\"'\\'']{1})' . --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=gathered" + } + ] + } +} |