#!/usr/bin/env bash
# check-careful.sh — PreToolUse hook for /careful skill
# Blocks potentially destructive commands and requires user confirmation.

INPUT="$1"

# Destructive file operations
if echo "$INPUT" | grep -qE 'rm\s+(-rf|-r)\s' ; then
  echo "BLOCKED: Recursive file deletion detected (rm -rf / rm -r)"
  exit 1
fi

# Git destructive operations
if echo "$INPUT" | grep -qiE 'git\s+push\s+(-f|--force)' ; then
  echo "BLOCKED: Force push detected"
  exit 1
fi
if echo "$INPUT" | grep -qiE 'git\s+reset\s+--hard' ; then
  echo "BLOCKED: Hard reset detected"
  exit 1
fi
if echo "$INPUT" | grep -qiE 'git\s+clean\s+-f' ; then
  echo "BLOCKED: git clean -f detected"
  exit 1
fi
if echo "$INPUT" | grep -qiE 'git\s+branch\s+-D' ; then
  echo "BLOCKED: Force branch deletion detected"
  exit 1
fi

# Database destructive operations
if echo "$INPUT" | grep -qiE 'DROP\s+(TABLE|DATABASE)' ; then
  echo "BLOCKED: DROP TABLE/DATABASE detected"
  exit 1
fi
if echo "$INPUT" | grep -qiE 'TRUNCATE\s+' ; then
  echo "BLOCKED: TRUNCATE detected"
  exit 1
fi

# All clear
exit 0