#!/usr/bin/env bash # # Pre-commit hook: Validate that no personal information is being committed # # This hook checks staged files for personal domains, IPs, and paths # to prevent accidental leakage of sensitive information. set -euo pipefail # Get repository root REPO_ROOT="$(git rev-parse --show-toplevel)" # Colors RED='\033[0;31m' GREEN='\033[0;32m' NC='\033[0m' # Get list of staged Nix and Markdown files STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(nix|md)$' || true) if [ -z "$STAGED_FILES" ]; then # No Nix or Markdown files staged, skip validation exit 0 fi echo "==> Validating staged files for personal information..." VALIDATION_FAILED=0 # Check for personal domains if echo "$STAGED_FILES" | xargs git diff --cached | grep -E 'clarun\.xyz|talu\.uno' >/dev/null 2>&1; then echo -e "${RED}✗ ERROR: Staged changes contain personal domains (clarun.xyz or talu.uno)${NC}" echo " These domains must be replaced with example.com or matrix.example.org" VALIDATION_FAILED=1 fi # Check for personal IPs if echo "$STAGED_FILES" | xargs git diff --cached | grep -E '192\.168\.1\.|45\.77\.205\.49' >/dev/null 2>&1; then echo -e "${RED}✗ ERROR: Staged changes contain personal IP addresses${NC}" echo " Replace 192.168.1.x with 10.0.0.x and 45.77.205.49 with 203.0.113.10" VALIDATION_FAILED=1 fi # Check for personal paths if echo "$STAGED_FILES" | xargs git diff --cached | grep -E '/home/dan' >/dev/null 2>&1; then echo -e "${RED}✗ ERROR: Staged changes contain personal paths (/home/dan)${NC}" echo " Replace with /home/user or generic paths" VALIDATION_FAILED=1 fi # Check for hostname jrz1 (but allow ops-jrz1 since that's the server name) if echo "$STAGED_FILES" | xargs git diff --cached | grep -E '\bjrz1\b' | grep -v 'ops-jrz1' >/dev/null 2>&1; then echo -e "${RED}✗ ERROR: Staged changes contain personal hostname (jrz1)${NC}" echo " Replace with 'matrix' or generic hostname (ops-jrz1 is allowed)" VALIDATION_FAILED=1 fi if [ $VALIDATION_FAILED -eq 1 ]; then echo "" echo "Commit blocked. Please fix the issues above and try again." echo "Run './scripts/sanitize-files.sh ' to apply sanitization rules." exit 1 fi echo -e "${GREEN}✓ Sanitization validation passed${NC}" exit 0