# METADATA
# scope: package
# title: Block Code Quality Test (Bash)
# description: Blocks Bash edits to src/test/code-quality.test.ts
# custom:
#   routing:
#     required_events: ["PreToolUse"]
#     required_tools: ["Bash"]
package cupcake.policies.opencode.block_code_quality_test_bash
import rego.v1

pattern := `(sed|awk|cat\s*>|echo\s*>|tee|cp\s+.*code-quality\.test\.ts|mv\s+.*code-quality\.test\.ts|rm\s+.*code-quality\.test\.ts|>|>>).*code-quality\.test\.ts|code-quality\.test\.ts.*(>|>>|\|.*tee)`

deny contains decision if {
    input.hook_event_name == "PreToolUse"
    input.tool_name == "Bash"

    command := input.tool_input.command
    regex.match(pattern, command)

    decision := {
        "rule_id": "TS-QUALITY-001",
        "reason": "Direct edits to src/test/code-quality.test.ts are prohibited.",
        "severity": "HIGH"
    }
}