{
"event": "PreToolUse",
"tool_name": "Read",
"tool_input": {
"file_path": "\/var\/www\/tools\/ki-protokoll\/claude-hook\/quality\/pre_rules_htmx.py"
}
}
{
"tool_response": {
"type": "text",
"file": {
"filePath": "\/var\/www\/tools\/ki-protokoll\/claude-hook\/quality\/pre_rules_htmx.py",
"content": "#!\/usr\/bin\/env python3\n\"\"\"\nPre-Hook HTMX Regeln (BLOCK) - Contract #14: htmx-patterns.\n\nKritische Regeln aus dem HTMX-Contract:\n- HTMX-C1: CSRF auf hx-post\n- HTMX-C2: CSRF auf hx-delete\n- HTMX-C3: CSRF auf hx-patch\n- HTMX-C4: Confirm auf hx-delete\n\"\"\"\n\nimport re\nfrom typing import Optional\nfrom .rule_base import block\n\n\n# =============================================================================\n# VIEW FILE CHECK\n# =============================================================================\n\ndef is_view_file(file_path: str) -> bool:\n \"\"\"Prüft ob es sich um eine View-Datei handelt.\"\"\"\n return \"\/View\/\" in file_path and file_path.endswith(\".php\")\n\n\n# =============================================================================\n# HTMX CONTRACT RULES (Critical)\n# =============================================================================\n\ndef htmx_c1_csrf_on_post(file_path: str, content: str) -> Optional[dict]:\n \"\"\"HTMX-C1: hx-post MUSS X-CSRF-TOKEN in hx-headers haben.\"\"\"\n if not is_view_file(file_path):\n return None\n\n # Finde alle hx-post Attribute\n hx_post_pattern = r'hx-post\\s*=\\s*[\"\\'][^\"\\']+[\"\\']'\n hx_posts = list(re.finditer(hx_post_pattern, content))\n\n if not hx_posts:\n return None\n\n # Prüfe jedes hx-post auf CSRF\n for match in hx_posts:\n # Suche im umgebenden Kontext (100 Zeichen vor und nach)\n start = max(0, match.start() - 150)\n end = min(len(content), match.end() + 150)\n context = content[start:end]\n\n # Muss hx-headers mit X-CSRF-TOKEN haben\n if 'hx-headers' not in context or 'CSRF' not in context.upper():\n line_num = content[:match.start()].count('\\n') + 1\n return block(\n \"HTMX-C1\",\n f\"hx-post at line {line_num} missing CSRF token. \"\n \"Add: hx-headers='{\\\"X-CSRF-TOKEN\\\": \\\"<?= $csrfToken ?>\\\"}'\"\n )\n\n return None\n\n\ndef htmx_c2_csrf_on_delete(file_path: str, content: str) -> Optional[dict]:\n \"\"\"HTMX-C2: hx-delete MUSS X-CSRF-TOKEN in hx-headers haben.\"\"\"\n if not is_view_file(file_path):\n return None\n\n hx_delete_pattern = r'hx-delete\\s*=\\s*[\"\\'][^\"\\']+[\"\\']'\n hx_deletes = list(re.finditer(hx_delete_pattern, content))\n\n if not hx_deletes:\n return None\n\n for match in hx_deletes:\n start = max(0, match.start() - 150)\n end = min(len(content), match.end() + 150)\n context = content[start:end]\n\n if 'hx-headers' not in context or 'CSRF' not in context.upper():\n line_num = content[:match.start()].count('\\n') + 1\n return block(\n \"HTMX-C2\",\n f\"hx-delete at line {line_num} missing CSRF token. \"\n \"Add: hx-headers='{\\\"X-CSRF-TOKEN\\\": \\\"<?= $csrfToken ?>\\\"}'\"\n )\n\n return None\n\n\ndef htmx_c3_csrf_on_patch(file_path: str, content: str) -> Optional[dict]:\n \"\"\"HTMX-C3: hx-patch MUSS X-CSRF-TOKEN in hx-headers haben.\"\"\"\n if not is_view_file(file_path):\n return None\n\n hx_patch_pattern = r'hx-patch\\s*=\\s*[\"\\'][^\"\\']+[\"\\']'\n hx_patches = list(re.finditer(hx_patch_pattern, content))\n\n if not hx_patches:\n return None\n\n for match in hx_patches:\n start = max(0, match.start() - 150)\n end = min(len(content), match.end() + 150)\n context = content[start:end]\n\n if 'hx-headers' not in context or 'CSRF' not in context.upper():\n line_num = content[:match.start()].count('\\n') + 1\n return block(\n \"HTMX-C3\",\n f\"hx-patch at line {line_num} missing CSRF token. \"\n \"Add: hx-headers='{\\\"X-CSRF-TOKEN\\\": \\\"<?= $csrfToken ?>\\\"}'\"\n )\n\n return None\n\n\ndef htmx_c4_delete_requires_confirm(file_path: str, content: str) -> Optional[dict]:\n \"\"\"HTMX-C4: hx-delete MUSS hx-confirm Attribut haben.\"\"\"\n if not is_view_file(file_path):\n return None\n\n hx_delete_pattern = r'hx-delete\\s*=\\s*[\"\\'][^\"\\']+[\"\\']'\n hx_deletes = list(re.finditer(hx_delete_pattern, content))\n\n if not hx_deletes:\n return None\n\n for match in hx_deletes:\n # Suche im Element-Kontext (vom < bis zum nächsten >)\n # Gehe zurück bis zum < und vorwärts bis zum >\n element_start = content.rfind('<', 0, match.start())\n element_end = content.find('>', match.end())\n\n if element_start == -1 or element_end == -1:\n continue\n\n element = content[element_start:element_end + 1]\n\n if 'hx-confirm' not in element:\n line_num = content[:match.start()].count('\\n') + 1\n return block(\n \"HTMX-C4\",\n f\"hx-delete at line {line_num} missing confirmation. \"\n \"Add: hx-confirm=\\\"Wirklich loeschen?\\\"\"\n )\n\n return None\n\n\n# =============================================================================\n# RULE COLLECTION\n# =============================================================================\n\nRULES = [\n htmx_c1_csrf_on_post,\n htmx_c2_csrf_on_delete,\n htmx_c3_csrf_on_patch,\n htmx_c4_delete_requires_confirm,\n]\n",
"numLines": 158,
"startLine": 1,
"totalLines": 158
}
}
}