{ "//说明": "Clover 启动包 Hooks 配置。四道质量门禁,承接治理指南§9.3模板。退出码 0=放行 2=阻止 其他非零=脚本错误。", "env": { "CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS": "1" }, "hooks": { "PreToolUse": [ { "//门禁1": "危险命令拦截", "matcher": "Bash", "hooks": [ { "type": "command", "command": "cmd=$(jq -r '.tool_input.command // empty'); if echo \"$cmd\" | grep -qE 'rm -rf|DROP TABLE|--force|--no-verify|reset --hard|git push.*main|git push.*master'; then echo \"危险命令被拦截: $cmd\" >&2; exit 2; fi; exit 0" } ] }, { "//门禁2": "敏感文件保护 + 源目录只读保护", "matcher": "Edit|Write", "hooks": [ { "type": "command", "command": "file=$(jq -r '.tool_input.file_path // empty'); if echo \"$file\" | grep -qE '\\.env|\\.key|credentials|secrets|FERNET'; then echo \"禁止编辑敏感文件: $file\" >&2; exit 2; fi; if echo \"$file\" | grep -qE 'O2中间件平台/banana|产品包/worker|万牛会L1准备/worker'; then echo \"源目录只读,禁止修改(铁律): $file\" >&2; exit 2; fi; exit 0" } ] } ], "PostToolUse": [ { "//门禁3": "自动 lint", "matcher": "Write|Edit", "hooks": [ { "type": "command", "command": "file=$(jq -r '.tool_input.file_path // empty'); case \"$file\" in *.ts|*.tsx|*.js|*.jsx) npx eslint --fix \"$file\" 2>&1 || true;; *.py) ruff check --fix \"$file\" 2>&1 || true;; esac; exit 0" } ] } ], "Stop": [ { "//门禁4": "测试验证 + 临时文件提醒", "hooks": [ { "type": "command", "command": "bash -c 'echo \"请确认是否已运行测试并通过(软件测试过≠内容质量过,内容需北哥抽检)。\" >&2; tmp=$(find . -name \"*_tmp*\" 2>/dev/null | head -5); if [ -n \"$tmp\" ]; then echo \"发现临时文件待清理:\" >&2; echo \"$tmp\" >&2; fi; exit 0'" } ] } ] } }