mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-04-01 22:53:27 +08:00
fix: restore ci lockfile and hook validation
This commit is contained in:
Affaan Mustafa
73
scripts/hooks/post-bash-command-log.js
Normal file
73
scripts/hooks/post-bash-command-log.js
Normal file
@@ -0,0 +1,73 @@
|
||||
#!/usr/bin/env node
|
||||
'use strict';
|
||||
|
||||
const fs = require('fs');
|
||||
const os = require('os');
|
||||
const path = require('path');
|
||||
|
||||
const MAX_STDIN = 1024 * 1024;
|
||||
let raw = '';
|
||||
|
||||
const MODE_CONFIG = {
|
||||
audit: {
|
||||
fileName: 'bash-commands.log',
|
||||
format: command => `[${new Date().toISOString()}] ${command}`,
|
||||
},
|
||||
cost: {
|
||||
fileName: 'cost-tracker.log',
|
||||
format: command => `[${new Date().toISOString()}] tool=Bash command=${command}`,
|
||||
},
|
||||
};
|
||||
|
||||
function sanitizeCommand(command) {
|
||||
return String(command || '')
|
||||
.replace(/\n/g, ' ')
|
||||
.replace(/--token[= ][^ ]*/g, '--token=<REDACTED>')
|
||||
.replace(/Authorization:[: ]*[^ ]*[: ]*[^ ]*/gi, 'Authorization:<REDACTED>')
|
||||
.replace(/\bAKIA[A-Z0-9]{16}\b/g, '<REDACTED>')
|
||||
.replace(/\bASIA[A-Z0-9]{16}\b/g, '<REDACTED>')
|
||||
.replace(/password[= ][^ ]*/gi, 'password=<REDACTED>')
|
||||
.replace(/\bghp_[A-Za-z0-9_]+\b/g, '<REDACTED>')
|
||||
.replace(/\bgho_[A-Za-z0-9_]+\b/g, '<REDACTED>')
|
||||
.replace(/\bghs_[A-Za-z0-9_]+\b/g, '<REDACTED>')
|
||||
.replace(/\bgithub_pat_[A-Za-z0-9_]+\b/g, '<REDACTED>');
|
||||
}
|
||||
|
||||
function appendLine(filePath, line) {
|
||||
fs.mkdirSync(path.dirname(filePath), { recursive: true });
|
||||
fs.appendFileSync(filePath, `${line}\n`, 'utf8');
|
||||
}
|
||||
|
||||
function main() {
|
||||
const config = MODE_CONFIG[process.argv[2]];
|
||||
|
||||
process.stdin.setEncoding('utf8');
|
||||
process.stdin.on('data', chunk => {
|
||||
if (raw.length < MAX_STDIN) {
|
||||
const remaining = MAX_STDIN - raw.length;
|
||||
raw += chunk.substring(0, remaining);
|
||||
}
|
||||
});
|
||||
|
||||
process.stdin.on('end', () => {
|
||||
try {
|
||||
if (config) {
|
||||
const input = raw.trim() ? JSON.parse(raw) : {};
|
||||
const command = sanitizeCommand(input.tool_input?.command || '?');
|
||||
appendLine(path.join(os.homedir(), '.claude', config.fileName), config.format(command));
|
||||
}
|
||||
} catch {
|
||||
// Logging must never block the calling hook.
|
||||
}
|
||||
|
||||
process.stdout.write(raw);
|
||||
});
|
||||
}
|
||||
|
||||
if (require.main === module) {
|
||||
main();
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
sanitizeCommand,
|
||||
};
|
||||
Reference in New Issue
Block a user