destructive_command_guard 0.4.3

A Claude Code hook that blocks destructive commands before they execute
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

//! `Velero` pack - protections for destructive Kubernetes backup operations.
//!
//! Covers destructive CLI operations:
//! - Backup, restore, and schedule deletion
//! - Location deletion
//! - Uninstall

use crate::packs::{DestructivePattern, Pack, SafePattern};
use crate::{destructive_pattern, safe_pattern};

/// Create the `Velero` pack.
#[must_use]
pub fn create_pack() -> Pack {
    Pack {
        id: "backup.velero".to_string(),
        name: "Velero",
        description: "Protects against destructive velero operations like deleting backups, schedules, and locations.",
        keywords: &["velero"],
        safe_patterns: create_safe_patterns(),
        destructive_patterns: create_destructive_patterns(),
        keyword_matcher: None,
        safe_regex_set: None,
        safe_regex_set_is_complete: false,
    }
}

fn create_safe_patterns() -> Vec<SafePattern> {
    vec![
        safe_pattern!(
            "velero-backup-get",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+backup\s+get\b"
        ),
        safe_pattern!(
            "velero-backup-describe",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+backup\s+describe\b"
        ),
        safe_pattern!(
            "velero-backup-logs",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+backup\s+logs\b"
        ),
        safe_pattern!(
            "velero-backup-create",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+backup\s+create\b"
        ),
        safe_pattern!(
            "velero-schedule-get",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+schedule\s+get\b"
        ),
        safe_pattern!(
            "velero-restore-create",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+restore\s+create\b"
        ),
        safe_pattern!(
            "velero-version",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+version\b"
        ),
    ]
}

fn create_destructive_patterns() -> Vec<DestructivePattern> {
    vec![
        destructive_pattern!(
            "velero-backup-delete",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+backup\s+delete\b",
            "velero backup delete removes a backup and its data.",
            High,
            "Deleting a Velero backup removes both the backup metadata in Kubernetes and the \
             actual backup data from object storage. Once deleted, you cannot restore your \
             cluster or applications to that backup point. This is irreversible.\n\n\
             Safer alternatives:\n\
             - velero backup describe: Review backup contents before deletion\n\
             - velero backup get: List all backups to verify target\n\
             - Consider retaining backups with TTL policies instead of manual deletion"
        ),
        destructive_pattern!(
            "velero-schedule-delete",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+schedule\s+delete\b",
            "velero schedule delete removes scheduled backups.",
            Medium,
            "Deleting a backup schedule stops automatic backup creation. Existing backups \
             created by the schedule are not affected, but no new backups will be created. \
             If forgotten, this can lead to outdated backups and recovery gaps.\n\n\
             Safer alternatives:\n\
             - velero schedule get: Review all schedules first\n\
             - velero schedule describe: Check schedule configuration\n\
             - Pause the schedule instead if temporary"
        ),
        destructive_pattern!(
            "velero-restore-delete",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+restore\s+delete\b",
            "velero restore delete removes restore records.",
            Low,
            "Deleting restore records removes the metadata about past restore operations from \
             Kubernetes. This does not affect the restored resources themselves or the original \
             backups. However, audit trails of restore operations will be lost.\n\n\
             Safer alternatives:\n\
             - velero restore get: List restores before deletion\n\
             - Document restore history externally if needed for compliance"
        ),
        destructive_pattern!(
            "velero-backup-location-delete",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+backup-location\s+delete\b",
            "velero backup-location delete removes a backup storage location.",
            High,
            "Removing a backup storage location disconnects Velero from that storage backend. \
             Backups stored there become inaccessible to Velero (though data remains in storage). \
             You won't be able to restore from those backups until the location is recreated.\n\n\
             Safer alternatives:\n\
             - velero backup-location get: Review all locations\n\
             - Verify no critical backups depend on this location\n\
             - Migrate backups to another location before deletion"
        ),
        destructive_pattern!(
            "velero-snapshot-location-delete",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+snapshot-location\s+delete\b",
            "velero snapshot-location delete removes a snapshot location.",
            High,
            "Deleting a snapshot location removes the configuration for volume snapshots. \
             Existing snapshots may become orphaned and inaccessible through Velero. Volume \
             restores that depend on this location will fail.\n\n\
             Safer alternatives:\n\
             - velero snapshot-location get: Review all snapshot locations\n\
             - Verify no backups use this snapshot location\n\
             - Migrate to a new snapshot location before deletion"
        ),
        destructive_pattern!(
            "velero-uninstall",
            r"velero(?:\s+--?\S+(?:\s+\S+)?)*\s+uninstall\b",
            "velero uninstall removes the Velero deployment and related resources.",
            Critical,
            "Uninstalling Velero removes the deployment, CRDs, and all Velero-managed resources \
             from your cluster. Backup schedules stop immediately. While backup data in object \
             storage is preserved, you cannot restore from backups until Velero is reinstalled \
             and reconfigured.\n\n\
             Safer alternatives:\n\
             - Document current configuration before uninstalling\n\
             - velero backup-location get: Record storage locations\n\
             - velero schedule get: Record all schedules\n\
             - Export Velero resources: kubectl get -o yaml"
        ),
    ]
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::packs::test_helpers::*;

    #[test]
    fn test_pack_creation() {
        let pack = create_pack();
        assert_eq!(pack.id, "backup.velero");
        assert_eq!(pack.name, "Velero");
        assert!(!pack.description.is_empty());
        assert!(pack.keywords.contains(&"velero"));

        assert_patterns_compile(&pack);
        assert_all_patterns_have_reasons(&pack);
        assert_unique_pattern_names(&pack);
    }

    #[test]
    fn allows_safe_commands() {
        let pack = create_pack();
        assert_safe_pattern_matches(&pack, "velero backup get");
        assert_safe_pattern_matches(&pack, "velero backup describe nightly");
        assert_safe_pattern_matches(&pack, "velero backup logs nightly");
        assert_safe_pattern_matches(&pack, "velero backup create nightly");
        assert_safe_pattern_matches(&pack, "velero schedule get");
        assert_safe_pattern_matches(&pack, "velero restore create restore-1");
        assert_safe_pattern_matches(&pack, "velero version");
    }

    #[test]
    fn blocks_destructive_commands() {
        let pack = create_pack();
        assert_blocks_with_pattern(
            &pack,
            "velero backup delete nightly",
            "velero-backup-delete",
        );
        assert_blocks_with_pattern(
            &pack,
            "velero schedule delete nightly",
            "velero-schedule-delete",
        );
        assert_blocks_with_pattern(
            &pack,
            "velero restore delete restore-1",
            "velero-restore-delete",
        );
        assert_blocks_with_pattern(
            &pack,
            "velero backup-location delete default",
            "velero-backup-location-delete",
        );
        assert_blocks_with_pattern(
            &pack,
            "velero snapshot-location delete default",
            "velero-snapshot-location-delete",
        );
        assert_blocks_with_pattern(&pack, "velero uninstall", "velero-uninstall");
    }
}