27 lines
778 B
Rego
27 lines
778 B
Rego
# METADATA
|
|
# scope: package
|
|
# title: Block Biome Ignore (Bash)
|
|
# description: Blocks Bash commands that add ignore directives to JS/TS files
|
|
# custom:
|
|
# routing:
|
|
# required_events: ["PreToolUse"]
|
|
# required_tools: ["Bash"]
|
|
package cupcake.policies.opencode.block_biome_ignore_bash
|
|
import rego.v1
|
|
|
|
ignore_pattern := `(biome-ignore|@ts-ignore|@ts-expect-error|@ts-nocheck|eslint-disable).*\.(js|jsx|ts|tsx|mjs|cjs)`
|
|
|
|
deny contains decision if {
|
|
input.hook_event_name == "PreToolUse"
|
|
input.tool_name == "Bash"
|
|
|
|
command := input.tool_input.command
|
|
regex.match(ignore_pattern, command)
|
|
|
|
decision := {
|
|
"rule_id": "TS-LINT-001",
|
|
"reason": "Ignore directives for Biome/TypeScript/ESLint are prohibited.",
|
|
"severity": "HIGH"
|
|
}
|
|
}
|