#!/bin/bash
# beforeShellExecution: log command, allow by default. Block dangerous patterns if needed.
HOOKS_DIR="$(cd "$(dirname "$0")" && pwd)"
# shellcheck source=lib.sh
. "${HOOKS_DIR}/lib.sh"

input=$(cat)
command=$(echo "$input" | jq -r '.command // ""')
cwd=$(echo "$input" | jq -r '.cwd // "?"')
log_event "beforeShellExecution" "cwd=$cwd cmd=${command:0:100}"

# Allow all commands by default. Add deny rules here if needed (e.g. rm -rf /, etc.)
echo '{"continue":true,"permission":"allow"}'
exit 0