mati_core/hooks/pre_edit.rs
1/// pre-edit.sh — core hook for file EDIT interception (WI-01, L1).
2///
3/// Thin wrapper that delegates to `mati hook-decide claude-pre-edit`. PreToolUse
4/// on Edit/Write/NotebookEdit: denies an edit to a file carrying an unconsulted
5/// confirmed gotcha until the agent calls `mem_get`. Because Claude Code's own
6/// read-before-edit rule forces a prior read (which the read-gate already gates),
7/// this only fires on *blind* edits — closing the residual shell-read→edit hole
8/// and emitting an explicit edit-time enforcement event.
9///
10/// Non-deny outcomes DEFER to the normal permission flow (empty stdout, exit 0)
11/// rather than emitting `permissionDecision: "allow"`. Edits are
12/// permission-required tools, so force-allowing would suppress the user's own
13/// edit-approval prompt on every non-gotcha file — unlike reads, which are
14/// no-permission tools where force-allow is a harmless no-op. All enforcement
15/// logic lives in Rust (`hooks::decide` + `cli::hook_decide`).
16pub const SCRIPT: &str = r#"#!/usr/bin/env bash
17set -euo pipefail
18HOOKS_DIR="$(cd "$(dirname "$0")" && pwd)" && export PATH="$HOOKS_DIR:$PATH"
19command -v mati >/dev/null 2>&1 || exit 0
20exec mati hook-decide claude-pre-edit
21"#;