28 lines
828 B
Rego
28 lines
828 B
Rego
# METADATA
|
|
# scope: package
|
|
# title: Block Tests Quality (Bash)
|
|
# description: Blocks Bash edits to tests/quality (except baselines.json)
|
|
# custom:
|
|
# routing:
|
|
# required_events: ["PreToolUse"]
|
|
# required_tools: ["Bash"]
|
|
package cupcake.policies.opencode.block_tests_quality_bash
|
|
import rego.v1
|
|
|
|
pattern := `(rm|mv|cp|sed|awk|chmod|chown|touch|mkdir|rmdir|truncate|tee|>|>>)\s.*tests/quality/`
|
|
|
|
deny contains decision if {
|
|
input.hook_event_name == "PreToolUse"
|
|
input.tool_name == "Bash"
|
|
|
|
command := input.tool_input.command
|
|
regex.match(pattern, command)
|
|
not contains(lower(command), "tests/quality/baselines.json")
|
|
|
|
decision := {
|
|
"rule_id": "TEST-QUALITY-001",
|
|
"reason": "Direct edits to tests/quality are prohibited (except baselines.json).",
|
|
"severity": "HIGH"
|
|
}
|
|
}
|