aa8daf8de2
- cmd/hook.go: install/uninstall subcommands with --force flag - cmd/hook_script.sh: embedded via go:embed, runs keyhunter scan on staged files - KEYHUNTER-HOOK v1 marker prevents accidental deletion of non-owned hooks - Backup existing hooks on --force install - cmd/hook_test.go: 10 tests covering fresh install, non-repo, force/backup, overwrite, uninstall lifecycle - Remove hookCmd stub from cmd/stubs.go
20 lines
579 B
Bash
20 lines
579 B
Bash
#!/usr/bin/env bash
|
|
# KEYHUNTER-HOOK v1 — managed by `keyhunter hook install`
|
|
# Remove via `keyhunter hook uninstall`.
|
|
set -e
|
|
|
|
files=$(git diff --cached --name-only --diff-filter=ACMR)
|
|
if [ -z "$files" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Run keyhunter against each staged file. Exit code 1 from keyhunter
|
|
# means findings present; 2 means scan error. Either blocks the commit.
|
|
echo "$files" | xargs -r keyhunter scan --exit-code
|
|
status=$?
|
|
if [ $status -ne 0 ]; then
|
|
echo "keyhunter: pre-commit blocked (exit $status). Run 'git commit --no-verify' to bypass." >&2
|
|
exit $status
|
|
fi
|
|
exit 0
|