# Claude Code PreToolUse hook: DB-vedelem — csak _DEV nevu adatbazis erheto el shell-parancsbol.
# Bemenet: hook JSON a stdin-en; ha a parancs connection stringet tartalmaz (Initial Catalog= / Database=)
# es a DB-nev NEM tartalmazza a "_DEV"-et, a tool-hivast DENY-jal blokkolja.

$payloadText = [Console]::In.ReadToEnd()
if ([string]::IsNullOrWhiteSpace($payloadText)) { exit 0 }

try { $payload = $payloadText | ConvertFrom-Json } catch { exit 0 }

$command = $payload.tool_input.command
if ([string]::IsNullOrWhiteSpace($command)) { exit 0 }

$pattern = [regex]'(?i)(?:Initial\s+Catalog|Database)\s*=\s*([^;"''\s]+)'

foreach ($match in $pattern.Matches($command)) {
    $dbName = $match.Groups[1].Value
    if ($dbName -notmatch '(?i)_DEV') {
        $reason = "Blokkolt: csak _DEV adatbazis modosithato! (talalt adatbazis: $dbName)"
        $result = @{ hookSpecificOutput = @{ hookEventName = 'PreToolUse'; permissionDecision = 'deny'; permissionDecisionReason = $reason } }
        Write-Output ($result | ConvertTo-Json -Depth 5 -Compress)
        exit 0
    }
}

exit 0