From f894e07ea3c39620e37245f1e1bf829e853bbe5b Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Sun, 29 Mar 2026 16:27:59 -0500
Subject: Add hooks settings.json with install-hooks target
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Hooks provide:
- PostEditTool: ruff format/check on Python, terraform fmt on .tf
- PreCommit: block commits containing hardcoded secrets (AWS keys, API tokens, passwords)

Install per-project with: make install-hooks TARGET=/path/to/project
Won't overwrite existing settings.json — shows diff command instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 hooks/settings.json | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 hooks/settings.json

(limited to 'hooks')

diff --git a/hooks/settings.json b/hooks/settings.json
new file mode 100644
index 0000000..50fdf09
--- /dev/null
+++ b/hooks/settings.json
@@ -0,0 +1,19 @@
+{
+  "hooks": {
+    "PostEditTool": [
+      {
+        "matcher": "**/*.py",
+        "command": "ruff format $FILE && ruff check --fix $FILE"
+      },
+      {
+        "matcher": "**/*.tf",
+        "command": "terraform fmt $FILE"
+      }
+    ],
+    "PreCommit": [
+      {
+        "command": "! grep -rn --include='*.py' --include='*.ts' --include='*.tsx' --include='*.tf' --include='*.yml' --include='*.yaml' -E '(AKIA[0-9A-Z]{16}|sk-[a-zA-Z0-9]{20,}|password\\s*=\\s*[\"'\\'']{1}[^\"'\\'']+[\"'\\'']{1})' . --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=gathered"
+      }
+    ]
+  }
+}
-- 
cgit v1.2.3