({ $ })
| 20 | } |
| 21 | |
| 22 | export const SecurityScanPlugin = async ({ $ }) => { |
| 23 | return { |
| 24 | "tool.execute.before": async (input, output) => { |
| 25 | // Only check file modification tools |
| 26 | if (!["write", "edit", "patch"].includes(input.tool)) { |
| 27 | return |
| 28 | } |
| 29 | |
| 30 | const filePath = input.args?.file_path || input.args?.filePath || input.args?.path || "" |
| 31 | |
| 32 | if (filePath && isSensitiveFile(filePath)) { |
| 33 | throw new Error( |
| 34 | `SECURITY BLOCK: Cannot edit sensitive file "${filePath}". Edit manually if needed.` |
| 35 | ) |
| 36 | } |
| 37 | }, |
| 38 | } |
| 39 | } |
nothing calls this directly
no test coverage detected