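#!/bin/bash
# PreToolUse hook: block Bash commands that should use dedicated tools.
# Runs before every Bash call (main agent + subagents).
# Reads the hook payload (JSON) on stdin and inspects .tool_input.command.
# Exit 0 = allow, Exit 2 = block with a message on stderr.
#
# NOTE(review): this is a workflow nudge, not a security boundary. Only the
# first word of the command string is classified; the rest of the command
# line is not examined (the echo branch below is the one exception). Hard
# restrictions on what the Bash tool may touch need to be enforced by a
# mechanism outside this script.

INPUT=$(cat)

# Fail-open: if jq is unavailable or the payload is not valid JSON, COMMAND
# is empty, nothing matches below, and the call is allowed.
# printf instead of echo so a payload starting with "-n"/"-e" is passed as-is.
COMMAND=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty')

# Strip leading whitespace (including newlines).
CLEAN=${COMMAND#"${COMMAND%%[![:space:]]*}"}

# Strip every leading NAME=value prefix (e.g. FOO=bar BAZ=qux cat file).
# The previous single sed pass removed only the first assignment, so a second
# one became the "first word" and the command was never classified.
# Limitation: values containing quoted whitespace (FOO="a b" cmd) are not
# parsed; the text after the first space is treated as the command.
ASSIGN_RE='^[A-Za-z_][A-Za-z_0-9]*=[^[:space:]]*[[:space:]]*(.*)$'
while [[ $CLEAN =~ $ASSIGN_RE ]]; do
  CLEAN=${BASH_REMATCH[1]}
done

# Extract the first word (the actual command) and drop any directory prefix,
# so /bin/cat and ./cat are classified as cat.
FIRST=${CLEAN%%[[:space:]]*}
FIRST=${FIRST##*/}

case "$FIRST" in
  cat)
    echo "Use the Read tool instead of cat." >&2
    exit 2
    ;;
  head|tail)
    echo "Use the Read tool (with offset/limit) instead of $FIRST." >&2
    exit 2
    ;;
  ls)
    echo "Use the Glob tool instead of ls." >&2
    exit 2
    ;;
  find)
    echo "Use the Glob tool instead of find." >&2
    exit 2
    ;;
  grep|rg)
    echo "Use the Grep tool instead of $FIRST." >&2
    exit 2
    ;;
  sed|awk)
    echo "Use the Edit tool instead of $FIRST." >&2
    exit 2
    ;;
  echo)
    # Block echo used for file writing (echo > file, echo >> file).
    # Coarse text match on the whole command: it also fires on descriptor
    # duplications such as >&2 and on a '>' inside a quoted string.
    # POSIX character classes replace \s/\S, which are GNU grep extensions.
    if printf '%s\n' "$COMMAND" | grep -qE '>[[:space:]]*[^[:space:]]'; then
      echo "Use the Write or Edit tool instead of echo redirection." >&2
      exit 2
    fi
    ;;
esac

exit 0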