hook-regex-false-positives-require-cmd-start-not-backup-anchors
The destructive-ops-blocker had two structural flaws: (1) the \b word boundary matched MEMORY.md inside MEMORY.md.bak.123, because . is a non-word character, and (2) the bare (rm|mv) regex matched 'rm' inside echo string literals. Fix: anchor with CMD_START = r'(?:^|[;&|`(]\s*)' to require command position, and with NOT_BACKUP = r'(?![.\w])' to reject backup-suffixed filenames. Always build a 12-case test suite (real files blocked, backups allowed, string literals allowed) before deploying hook changes.
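An added example (not the blocker's own code) that combines the two anchors into one pattern and runs a 12-case suite against it and against a stand-in for the flawed pattern. The PROTECTED guard, the MULTILINE flag, the NAIVE pattern and every sample command are assumptions constructed for illustration.

```python
import re

# Anchors quoted from the note above.
CMD_START = r'(?:^|[;&|`(]\s*)'   # rm/mv must sit in command position
NOT_BACKUP = r'(?![.\w])'         # protected name must end here, not continue as .bak
# Assumption: one protected file, plus a left-hand guard so OLD_MEMORY.md is not it.
PROTECTED = r'(?<![\w.])MEMORY\.md'

# Assumption: MULTILINE, so every line of a multi-line command starts a command.
DESTRUCTIVE = re.compile(
    CMD_START + r'(?:rm|mv)\s[^;&|\n]*?' + PROTECTED + NOT_BACKUP, re.MULTILINE)
# Constructed stand-in for the flawed pattern: bare (rm|mv) and \b boundaries.
NAIVE = re.compile(r'(rm|mv)\b.*\bMEMORY\.md\b')

# Constructed sample commands: (command, expected_blocked)
CASES = [
    # real file: must be blocked
    ("rm MEMORY.md", True),
    ("rm -f ./MEMORY.md", True),
    ("cd notes && rm MEMORY.md", True),
    ("ls; mv MEMORY.md /tmp/trash", True),
    # backup-suffixed names: must be allowed
    ("rm MEMORY.md.bak.123", False),
    ("rm -f ./MEMORY.md.bak", False),
    ("mv MEMORY.md.bak.123 /tmp/", False),
    ("cp MEMORY.md MEMORY.md.bak.123 && rm MEMORY.md.bak.123", False),
    # rm/mv only inside string literals: must be allowed
    ('echo "rm MEMORY.md"', False),
    ("echo 'mv MEMORY.md is blocked'", False),
    ('git commit -m "rm MEMORY.md from repo"', False),
    ("grep -n 'rm ' MEMORY.md", False),
]

def is_blocked(command, pattern=DESTRUCTIVE):
    """Return True when the pattern flags the command as destructive."""
    return pattern.search(command) is not None

def failures(pattern):
    """Return the cases whose verdict differs from the expectation."""
    return [(cmd, want) for cmd, want in CASES if is_blocked(cmd, pattern) != want]

if __name__ == "__main__":
    for name, pattern in (("anchored", DESTRUCTIVE), ("naive", NAIVE)):
        bad = failures(pattern)
        print(f"{name}: {len(CASES) - len(bad)}/{len(CASES)} cases passed")
        for cmd, want in bad:
            print(f"  FAIL want_blocked={want}: {cmd}")
```

CMD_START is a position heuristic, not a shell parser: a separator inside a quoted string, as in echo "a; rm MEMORY.md", still counts as command position and is blocked.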
Related
- destructive-ops-blocker-false-positive-on-backup-suffixes
- hook-regex-needs-cmdstart-and-notbackup-anchors-to-prevent-f
- destructive-hook-regex-word-boundary-backup-false-positive
- destructive-hook-regex-matches-rm-inside-echo-strings
- brainstorming-hardgate-blocks-stop-hook-creating-loop
- hook-regex-cmd-start-not-backup-anchors-required
- hook-regex-word-boundary-false-positives-on-backups
- hook-regex-false-positives-cmd-start-not-backup-anchors
- pine-script-alertcondition-invalid-in-strategy-mode
- session-close-phase-1-6-disposition-is-not-resolution
- security-hook-blocks-exec-eval-tokens-in-prose
- react-native-web-is-wrong-pwa-stack