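#!/usr/bin/env bash
# Pre-execution guard for shell commands proposed by an automated agent.
#
# Reads one JSON hook payload from stdin, inspects
# payload["tool_input"]["command"] against a list of blocked command
# patterns and reports the decision as a JSON object on stdout.
#
# Exit status (first matching pattern wins):
#   2  - the command matched a blocked pattern, or the payload could not be
#        interpreted at all (fail closed); a {"decision": "block",
#        "reason": ...} object is printed on stdout.
#   0  - nothing matched (including payloads with no "command" at all,
#        e.g. a different tool); nothing is printed.
#
# The payload is handed to python3 through the environment rather than a
# pipe because stdin is already occupied by the inline script below.
set -euo pipefail

payload_json="$(cat)"
PAYLOAD_JSON="$payload_json" python3 - <<'PY'
import json
import os
import re
import sys

# (pattern, human-readable reason) pairs, checked in order with re.search over
# the raw command string. Each pattern anchors on a whitespace-delimited token
# (`(^|\s)`); this is a best-effort regex guard over the text, not a shell
# parser, so it should be treated as one layer of review rather than the only
# one.
#
# Note on the `rm` pattern: `[^;&|]*[rf]` lets the match extend to the next
# `;`, `&` or `|`, so any `r` or `f` after the first dash-argument counts
# (e.g. `rm -v report` is blocked too) -- presumably deliberate
# conservatism; confirm if the false-positive rate matters.
BLOCKED = [
    (r"(^|\s)rm\s+-[^;&|]*[rf]", "Recursive or forced removal must be reviewed manually."),
    (r"(^|\s)sudo(\s|$)", "sudo is blocked for Devin sessions in this workspace."),
    (r"(^|\s)git\s+reset\s+--hard(\s|$)", "Hard resets can discard user work."),
    (r"(^|\s)git\s+checkout\s+--(\s|$)", "Checkout restore can discard user work."),
    (r"(^|\s)git\s+clean(\s|$)", "git clean can delete untracked user work."),
    (r"(^|\s)chmod\s+-R(\s|$)", "Recursive chmod is too broad for an automated hook."),
    (r"(^|\s)chown\s+-R(\s|$)", "Recursive chown is too broad for an automated hook."),
]


def block(reason):
    """Emit a block decision for the hook runner and exit with status 2."""
    print(json.dumps({"decision": "block", "reason": reason}))
    sys.exit(2)


def load_command(raw):
    """Extract the command string from the raw JSON payload.

    Fails closed: a payload that is not valid JSON, or whose top level /
    "tool_input" is not a JSON object, cannot be checked and is reported as
    blocked instead of surfacing as an uncaught traceback (exit 1, whose
    meaning to the runner is undefined). A missing or null "command" yields
    "" and is allowed, matching the original behaviour for non-shell tools.
    """
    try:
        payload = json.loads(raw)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        block("Hook payload is not valid JSON: %s" % exc)
    if not isinstance(payload, dict):
        block("Hook payload is not a JSON object.")
    tool_input = payload.get("tool_input", {})
    if tool_input is None:
        tool_input = {}
    if not isinstance(tool_input, dict):
        block("Hook payload field tool_input is not a JSON object.")
    command = tool_input.get("command", "")
    if command is None:
        command = ""
    return str(command).strip()


def main():
    command = load_command(os.environ.get("PAYLOAD_JSON", "{}"))
    for pattern, reason in BLOCKED:
        if re.search(pattern, command):
            block(reason)
    sys.exit(0)


main()
PY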