{
  "permissions": {
    "allow": [
      "Bash(git -C * status)",
      "Bash(git -C * log *)",
      "Bash(git -C * diff *)",
      "Bash(git -C * show *)",
      "Bash(git -C * branch *)",
      "Bash(git -C * ls-files *)",
      "Bash(git -C * rev-parse *)",
      "Bash(git -C * remote *)",
      "Bash(command -v *)",
      "Bash(curl *)",
      "Bash(grep *)",
      "Bash(cat *)",
      "Bash(curl -sI *)",
      "Bash(curl -s http*)",
      "Bash(git *)",
      "Bash(for *)",
      "Bash(php *)",
      "Bash(php artisan *)",
      "Bash(python3 *)",
      "Bash(docker exec *)",
      "Bash(gemini *)"
    ]
  },
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "python3 -c \"\nimport json,sys\ndata=json.load(sys.stdin)\ncmd=data.get('tool_input',{}).get('command','')\nif 'php artisan' in cmd and 'docker exec' not in cmd:\n    print(json.dumps({'decision':'block','reason':'In this repo, php artisan commands must be run inside Docker. Use: docker exec -it bukidapp php artisan ...'}))\n    sys.exit(2)\n\"",
            "statusMessage": "Checking for bare php artisan commands..."
          }
        ]
      }
    ]
  }
}