Summary
The /careful hook uses string matching against the full bash command, including the contents of git commit -m arguments. This means commit messages that describe destructive commands (e.g., "this hook catches recursive deletes and database drops") trigger the safety warning even though no destructive command is being run.
Steps to reproduce
- Activate
/careful
- Run a commit whose message mentions a blocked pattern:
git add file.txt && git commit -m "feat: add guard for recursive delete and database drop patterns"
- The hook fires on patterns found inside the quoted commit message string, not as an actual command.
Expected behavior
The hook should only match destructive patterns in the executable portions of the command, not inside string arguments to git commit -m, echo, printf, or heredoc bodies.
Suggested fix
Before pattern matching, split the command on shell operators (&&, ||, ;), then skip any segment that starts with git commit, echo, cat, or printf since those are producing text output, not executing destructive operations.
Found this while building a similar hook inspired by gstack's /careful approach. Happy to submit a PR if useful.
Summary
The
/carefulhook uses string matching against the full bash command, including the contents ofgit commit -marguments. This means commit messages that describe destructive commands (e.g., "this hook catches recursive deletes and database drops") trigger the safety warning even though no destructive command is being run.Steps to reproduce
/carefulExpected behavior
The hook should only match destructive patterns in the executable portions of the command, not inside string arguments to
git commit -m,echo,printf, or heredoc bodies.Suggested fix
Before pattern matching, split the command on shell operators (
&&,||,;), then skip any segment that starts withgit commit,echo,cat, orprintfsince those are producing text output, not executing destructive operations.Found this while building a similar hook inspired by gstack's
/carefulapproach. Happy to submit a PR if useful.