longline 0.10.2

System-installed safety hook for Claude Code
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252

# Django: safe manage.py commands and destructive operations

allowlists:
  commands:
    # ── Django: safe manage.py commands (read-only/inspection) ─────
    - { command: "python manage.py check", trust: minimal }
    - { command: "python manage.py showmigrations", trust: minimal }
    - { command: "python manage.py diffsettings", trust: minimal }
    - { command: "python manage.py sqlmigrate", trust: minimal }
    - { command: "python manage.py sqlflush", trust: minimal }
    - { command: "python manage.py sqlsequencereset", trust: minimal }
    - { command: "python manage.py inspectdb", trust: minimal }
    # ── Django: common dev commands ───────────────────────────────────
    - { command: "python manage.py test", trust: standard, reason: "Runs Django tests" }
    - { command: "python manage.py makemigrations", trust: standard, reason: "Creates Django database migration files" }
    - { command: "python manage.py runserver", trust: standard, reason: "Starts the Django development server" }
    - { command: "python manage.py startapp", trust: standard, reason: "Creates a new Django application" }
    - { command: "python manage.py startproject", trust: standard, reason: "Creates a new Django project" }
    - { command: "python manage.py dumpdata", trust: standard, reason: "Exports Django database data as JSON" }
    - { command: "python manage.py makemessages", trust: standard, reason: "Extracts translatable strings for i18n" }
    - { command: "python manage.py compilemessages", trust: standard, reason: "Compiles translation message files" }
    # ── Django: python3 variants (read-only/inspection) ───────────────
    - { command: "python3 manage.py check", trust: minimal }
    - { command: "python3 manage.py showmigrations", trust: minimal }
    - { command: "python3 manage.py diffsettings", trust: minimal }
    - { command: "python3 manage.py sqlmigrate", trust: minimal }
    - { command: "python3 manage.py sqlflush", trust: minimal }
    - { command: "python3 manage.py sqlsequencereset", trust: minimal }
    - { command: "python3 manage.py inspectdb", trust: minimal }
    # ── Django: python3 common dev commands ──────────────────────────
    - { command: "python3 manage.py test", trust: standard, reason: "Runs Django tests" }
    - { command: "python3 manage.py makemigrations", trust: standard, reason: "Creates Django database migration files" }
    - { command: "python3 manage.py runserver", trust: standard, reason: "Starts the Django development server" }
    - { command: "python3 manage.py startapp", trust: standard, reason: "Creates a new Django application" }
    - { command: "python3 manage.py startproject", trust: standard, reason: "Creates a new Django project" }
    - { command: "python3 manage.py dumpdata", trust: standard, reason: "Exports Django database data as JSON" }
    - { command: "python3 manage.py makemessages", trust: standard, reason: "Extracts translatable strings for i18n" }
    - { command: "python3 manage.py compilemessages", trust: standard, reason: "Compiles translation message files" }
    # ── Django: uv run variants (read-only/inspection) ────────────────
    - { command: "uv run python manage.py check", trust: minimal }
    - { command: "uv run python manage.py showmigrations", trust: minimal }
    - { command: "uv run python manage.py diffsettings", trust: minimal }
    - { command: "uv run python manage.py sqlmigrate", trust: minimal }
    - { command: "uv run python manage.py sqlflush", trust: minimal }
    - { command: "uv run python manage.py sqlsequencereset", trust: minimal }
    - { command: "uv run python manage.py inspectdb", trust: minimal }
    # ── Django: uv run common dev commands ────────────────────────────
    - { command: "uv run python manage.py test", trust: standard, reason: "Runs Django tests" }
    - { command: "uv run python manage.py makemigrations", trust: standard, reason: "Creates Django database migration files" }
    - { command: "uv run python manage.py migrate", trust: standard, reason: "Applies Django database migrations" }
    - { command: "uv run python manage.py runserver", trust: standard, reason: "Starts the Django development server" }
    - { command: "uv run python manage.py startapp", trust: standard, reason: "Creates a new Django application" }
    - { command: "uv run python manage.py startproject", trust: standard, reason: "Creates a new Django project" }
    - { command: "uv run python manage.py dumpdata", trust: standard, reason: "Exports Django database data as JSON" }
    - { command: "uv run python manage.py makemessages", trust: standard, reason: "Extracts translatable strings for i18n" }
    - { command: "uv run python manage.py compilemessages", trust: standard, reason: "Compiles translation message files" }
    # ── Django: uv run python3 variants (read-only/inspection) ────────
    - { command: "uv run python3 manage.py check", trust: minimal }
    - { command: "uv run python3 manage.py showmigrations", trust: minimal }
    - { command: "uv run python3 manage.py diffsettings", trust: minimal }
    - { command: "uv run python3 manage.py sqlmigrate", trust: minimal }
    - { command: "uv run python3 manage.py sqlflush", trust: minimal }
    - { command: "uv run python3 manage.py sqlsequencereset", trust: minimal }
    - { command: "uv run python3 manage.py inspectdb", trust: minimal }
    # ── Django: uv run python3 common dev commands ───────────────────
    - { command: "uv run python3 manage.py test", trust: standard, reason: "Runs Django tests" }
    - { command: "uv run python3 manage.py makemigrations", trust: standard, reason: "Creates Django database migration files" }
    - { command: "uv run python3 manage.py migrate", trust: standard, reason: "Applies Django database migrations" }
    - { command: "uv run python3 manage.py runserver", trust: standard, reason: "Starts the Django development server" }
    - { command: "uv run python3 manage.py startapp", trust: standard, reason: "Creates a new Django application" }
    - { command: "uv run python3 manage.py startproject", trust: standard, reason: "Creates a new Django project" }
    - { command: "uv run python3 manage.py dumpdata", trust: standard, reason: "Exports Django database data as JSON" }
    - { command: "uv run python3 manage.py makemessages", trust: standard, reason: "Extracts translatable strings for i18n" }
    - { command: "uv run python3 manage.py compilemessages", trust: standard, reason: "Compiles translation message files" }

rules:
  # ============================================================
  # HIGH: Django destructive operations
  # ============================================================
  - id: django-migrate
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["migrate"]
    decision: ask
    reason: "Django migrate modifies database schema"

  - id: django-flush
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["flush"]
    decision: ask
    reason: "Django flush deletes all data from database"

  - id: django-loaddata
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["loaddata"]
    decision: ask
    reason: "Django loaddata modifies database content"

  - id: django-createsuperuser
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["createsuperuser"]
    decision: ask
    reason: "Django createsuperuser creates admin user"

  - id: django-changepassword
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["changepassword"]
    decision: ask
    reason: "Django changepassword modifies user credentials"

  - id: django-clearsessions
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["clearsessions"]
    decision: ask
    reason: "Django clearsessions deletes session data"

  - id: django-dbshell
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["dbshell"]
    decision: ask
    reason: "Django dbshell provides direct database access"

  - id: django-shell
    level: high
    match:
      command:
        any_of: [python, python3]
      args:
        any_of: ["manage.py", "*/manage.py"]
      flags:
        any_of: ["shell", "shell_plus"]
    decision: ask
    reason: "Django shell provides arbitrary code execution"

  # ── Django: uv run variants ───────────────────────────────────
  - id: uv-django-flush
    level: high
    match:
      command: uv
      args:
        any_of: ["run"]
      flags:
        any_of: ["flush"]
    decision: ask
    reason: "Django flush deletes all data from database"

  - id: uv-django-loaddata
    level: high
    match:
      command: uv
      args:
        any_of: ["run"]
      flags:
        any_of: ["loaddata"]
    decision: ask
    reason: "Django loaddata modifies database content"

  - id: uv-django-createsuperuser
    level: high
    match:
      command: uv
      args:
        any_of: ["run"]
      flags:
        any_of: ["createsuperuser"]
    decision: ask
    reason: "Django createsuperuser creates admin user"

  - id: uv-django-changepassword
    level: high
    match:
      command: uv
      args:
        any_of: ["run"]
      flags:
        any_of: ["changepassword"]
    decision: ask
    reason: "Django changepassword modifies user credentials"

  - id: uv-django-clearsessions
    level: high
    match:
      command: uv
      args:
        any_of: ["run"]
      flags:
        any_of: ["clearsessions"]
    decision: ask
    reason: "Django clearsessions deletes session data"

  - id: uv-django-dbshell
    level: high
    match:
      command: uv
      args:
        any_of: ["run"]
      flags:
        any_of: ["dbshell"]
    decision: ask
    reason: "Django dbshell provides direct database access"

  - id: uv-django-shell
    level: high
    match:
      command: uv
      args:
        any_of: ["run"]
      flags:
        any_of: ["shell", "shell_plus"]
    decision: ask
    reason: "Django shell provides arbitrary code execution"