[
  {
    "id": "plugin_cerberus_wrap_pre",
    "hook_point": "*.Tool.bash.pre",
    "command": "python3 <wrap_bash_with_cerberus_script.py>",
    "config": {
      "cerberus_path": "~/.cargo/bin/cerberus",
      "policy_file": "<policy_file_path>"
    }
  },
  {
    "id": "plugin_cerberus_alert_post",
    "hook_point": "*.Tool.bash.post",
    "command": "python3 <alert_on_cerberus_permission_script.py>",
    "config": {
      "alert_log_path": "<alert_log_path>",
      "denial_markers": [
        "Error: Execution error: Filter error:",
        "Sandbox capability error:",
        "Violation triggered",
        "Seccomp setup failed:",
        "Mount isolation failed:",
        "Namespace setup failed:",
        "Permission denied",
        "/etc/shadow",
        "Could not resolve host"
      ]
    }
  }
]