longline 0.12.1

System-installed safety hook for Claude Code
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259

# Node.js: node, npm, npx, pnpm, bunx, yarn ecosystems

allowlists:
  commands:
    # ── Node: version checks ──────────────────────────────────────────
    - { command: "node --version", trust: minimal }
    - { command: "node -v", trust: minimal }
    # ── npm: read-only invocations ───────────────────────────────────
    - { command: "npm ls", trust: minimal }
    - { command: "npm outdated", trust: minimal }
    - { command: "npm audit", trust: minimal }
    - { command: "npm info", trust: minimal }
    # ── npm: build/test/run tools ────────────────────────────────────
    # npm install/ci/exec - covered by rules (ask for confirmation)
    - { command: "npm test", trust: standard, reason: "Runs the project's test suite" }
    - { command: "npm run", trust: standard, reason: "Runs a script defined in package.json" }
    - { command: "npm start", trust: standard, reason: "Starts the application" }
    - { command: "npm init", trust: standard, reason: "Creates a new package.json" }
    - { command: "npm pack", trust: standard, reason: "Creates a tarball from a package" }
    # ── npx: local dev tool invocations ────────────────────────────────
    # npx runs tools from local node_modules or downloads them.
    # Only known-safe dev tools are listed here; unknown packages
    # still get ask via default_decision.
    # -- Test runners --
    - { command: "npx vitest", trust: standard, reason: "Runs tests" }
    - { command: "npx jest", trust: standard, reason: "Runs tests" }
    - { command: "npx mocha", trust: standard, reason: "Runs tests" }
    - { command: "npx playwright", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "npx cypress", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "npx ava", trust: standard, reason: "Runs tests" }
    # -- Linters --
    - { command: "npx eslint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    - { command: "npx biome", trust: standard, reason: "Lints and formats code" }
    - { command: "npx stylelint", trust: standard, reason: "Lints CSS and style files" }
    - { command: "npx markdownlint", trust: standard, reason: "Lints Markdown files" }
    - { command: "npx oxlint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    # -- Formatters --
    - { command: "npx prettier", trust: standard, reason: "Formats source files" }
    # -- Type checkers --
    - { command: "npx tsc", trust: standard, reason: "Type-checks TypeScript code" }
    - { command: "npx vue-tsc", trust: standard, reason: "Type-checks Vue TypeScript code" }
    - { command: "npx svelte-check", trust: standard, reason: "Type-checks Svelte code" }
    # -- Build/dev tools --
    - { command: "npx vite", trust: standard, reason: "Runs the Vite development server or bundler" }
    - { command: "npx webpack", trust: standard, reason: "Bundles project files" }
    - { command: "npx rollup", trust: standard, reason: "Bundles project files" }
    - { command: "npx esbuild", trust: standard, reason: "Bundles project files" }
    - { command: "npx turbo", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "npx nx", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "npx next", trust: standard, reason: "Runs Next.js CLI commands" }
    - { command: "npx nuxt", trust: standard, reason: "Runs Nuxt CLI commands" }
    - { command: "npx astro", trust: standard, reason: "Runs Astro CLI commands" }
    - { command: "npx svelte-kit", trust: standard, reason: "Runs SvelteKit CLI commands" }
    # -- Dev utilities --
    - { command: "npx storybook", trust: standard, reason: "Runs Storybook component explorer" }
    - { command: "npx tailwindcss", trust: standard, reason: "Processes Tailwind CSS" }
    - { command: "npx postcss", trust: standard, reason: "Processes CSS with PostCSS plugins" }
    - { command: "npx lint-staged", trust: standard, reason: "Runs linters on staged files" }
    - { command: "npx tsx", trust: standard, reason: "Runs TypeScript files directly" }
    - { command: "npx ts-node", trust: standard, reason: "Runs TypeScript files directly" }
    # ── pnpm: direct tool invocations ──────────────────────────────────
    # pnpm <tool> runs from local node_modules, same as pnpm exec <tool>.
    # -- Test runners --
    - { command: "pnpm vitest", trust: standard, reason: "Runs tests" }
    - { command: "pnpm jest", trust: standard, reason: "Runs tests" }
    - { command: "pnpm mocha", trust: standard, reason: "Runs tests" }
    - { command: "pnpm playwright", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "pnpm cypress", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "pnpm ava", trust: standard, reason: "Runs tests" }
    # -- Linters --
    - { command: "pnpm eslint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    - { command: "pnpm biome", trust: standard, reason: "Lints and formats code" }
    - { command: "pnpm stylelint", trust: standard, reason: "Lints CSS and style files" }
    - { command: "pnpm markdownlint", trust: standard, reason: "Lints Markdown files" }
    - { command: "pnpm oxlint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    # -- Formatters --
    - { command: "pnpm prettier", trust: standard, reason: "Formats source files" }
    # -- Type checkers --
    - { command: "pnpm tsc", trust: standard, reason: "Type-checks TypeScript code" }
    - { command: "pnpm vue-tsc", trust: standard, reason: "Type-checks Vue TypeScript code" }
    - { command: "pnpm svelte-check", trust: standard, reason: "Type-checks Svelte code" }
    # -- Build/dev tools --
    - { command: "pnpm vite", trust: standard, reason: "Runs the Vite development server or bundler" }
    - { command: "pnpm webpack", trust: standard, reason: "Bundles project files" }
    - { command: "pnpm rollup", trust: standard, reason: "Bundles project files" }
    - { command: "pnpm esbuild", trust: standard, reason: "Bundles project files" }
    - { command: "pnpm turbo", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "pnpm nx", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "pnpm next", trust: standard, reason: "Runs Next.js CLI commands" }
    - { command: "pnpm nuxt", trust: standard, reason: "Runs Nuxt CLI commands" }
    - { command: "pnpm astro", trust: standard, reason: "Runs Astro CLI commands" }
    - { command: "pnpm svelte-kit", trust: standard, reason: "Runs SvelteKit CLI commands" }
    # -- Dev utilities --
    - { command: "pnpm storybook", trust: standard, reason: "Runs Storybook component explorer" }
    - { command: "pnpm tailwindcss", trust: standard, reason: "Processes Tailwind CSS" }
    - { command: "pnpm postcss", trust: standard, reason: "Processes CSS with PostCSS plugins" }
    - { command: "pnpm lint-staged", trust: standard, reason: "Runs linters on staged files" }
    - { command: "pnpm tsx", trust: standard, reason: "Runs TypeScript files directly" }
    - { command: "pnpm ts-node", trust: standard, reason: "Runs TypeScript files directly" }
    # ── pnpm exec: specific safe dev tools ────────────────────────────
    # pnpm exec is NOT blanket-allowed (can run arbitrary system commands).
    # Only known-safe dev tools listed; unknown commands get ask via default.
    # -- Test runners --
    - { command: "pnpm exec vitest", trust: standard, reason: "Runs tests" }
    - { command: "pnpm exec jest", trust: standard, reason: "Runs tests" }
    - { command: "pnpm exec mocha", trust: standard, reason: "Runs tests" }
    - { command: "pnpm exec playwright", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "pnpm exec cypress", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "pnpm exec ava", trust: standard, reason: "Runs tests" }
    # -- Linters --
    - { command: "pnpm exec eslint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    - { command: "pnpm exec biome", trust: standard, reason: "Lints and formats code" }
    - { command: "pnpm exec stylelint", trust: standard, reason: "Lints CSS and style files" }
    - { command: "pnpm exec markdownlint", trust: standard, reason: "Lints Markdown files" }
    - { command: "pnpm exec oxlint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    # -- Formatters --
    - { command: "pnpm exec prettier", trust: standard, reason: "Formats source files" }
    # -- Type checkers --
    - { command: "pnpm exec tsc", trust: standard, reason: "Type-checks TypeScript code" }
    - { command: "pnpm exec vue-tsc", trust: standard, reason: "Type-checks Vue TypeScript code" }
    - { command: "pnpm exec svelte-check", trust: standard, reason: "Type-checks Svelte code" }
    # -- Build/dev tools --
    - { command: "pnpm exec vite", trust: standard, reason: "Runs the Vite development server or bundler" }
    - { command: "pnpm exec webpack", trust: standard, reason: "Bundles project files" }
    - { command: "pnpm exec rollup", trust: standard, reason: "Bundles project files" }
    - { command: "pnpm exec esbuild", trust: standard, reason: "Bundles project files" }
    - { command: "pnpm exec turbo", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "pnpm exec nx", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "pnpm exec next", trust: standard, reason: "Runs Next.js CLI commands" }
    - { command: "pnpm exec nuxt", trust: standard, reason: "Runs Nuxt CLI commands" }
    - { command: "pnpm exec astro", trust: standard, reason: "Runs Astro CLI commands" }
    - { command: "pnpm exec svelte-kit", trust: standard, reason: "Runs SvelteKit CLI commands" }
    # -- Dev utilities --
    - { command: "pnpm exec storybook", trust: standard, reason: "Runs Storybook component explorer" }
    - { command: "pnpm exec tailwindcss", trust: standard, reason: "Processes Tailwind CSS" }
    - { command: "pnpm exec postcss", trust: standard, reason: "Processes CSS with PostCSS plugins" }
    - { command: "pnpm exec lint-staged", trust: standard, reason: "Runs linters on staged files" }
    - { command: "pnpm exec tsx", trust: standard, reason: "Runs TypeScript files directly" }
    - { command: "pnpm exec ts-node", trust: standard, reason: "Runs TypeScript files directly" }
    # ── bunx: local dev tool invocations ───────────────────────────────
    # bunx is bun's equivalent of npx. Same tool list.
    # -- Test runners --
    - { command: "bunx vitest", trust: standard, reason: "Runs tests" }
    - { command: "bunx jest", trust: standard, reason: "Runs tests" }
    - { command: "bunx mocha", trust: standard, reason: "Runs tests" }
    - { command: "bunx playwright", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "bunx cypress", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "bunx ava", trust: standard, reason: "Runs tests" }
    # -- Linters --
    - { command: "bunx eslint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    - { command: "bunx biome", trust: standard, reason: "Lints and formats code" }
    - { command: "bunx stylelint", trust: standard, reason: "Lints CSS and style files" }
    - { command: "bunx markdownlint", trust: standard, reason: "Lints Markdown files" }
    - { command: "bunx oxlint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    # -- Formatters --
    - { command: "bunx prettier", trust: standard, reason: "Formats source files" }
    # -- Type checkers --
    - { command: "bunx tsc", trust: standard, reason: "Type-checks TypeScript code" }
    - { command: "bunx vue-tsc", trust: standard, reason: "Type-checks Vue TypeScript code" }
    - { command: "bunx svelte-check", trust: standard, reason: "Type-checks Svelte code" }
    # -- Build/dev tools --
    - { command: "bunx vite", trust: standard, reason: "Runs the Vite development server or bundler" }
    - { command: "bunx webpack", trust: standard, reason: "Bundles project files" }
    - { command: "bunx rollup", trust: standard, reason: "Bundles project files" }
    - { command: "bunx esbuild", trust: standard, reason: "Bundles project files" }
    - { command: "bunx turbo", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "bunx nx", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "bunx next", trust: standard, reason: "Runs Next.js CLI commands" }
    - { command: "bunx nuxt", trust: standard, reason: "Runs Nuxt CLI commands" }
    - { command: "bunx astro", trust: standard, reason: "Runs Astro CLI commands" }
    - { command: "bunx svelte-kit", trust: standard, reason: "Runs SvelteKit CLI commands" }
    # -- Dev utilities --
    - { command: "bunx storybook", trust: standard, reason: "Runs Storybook component explorer" }
    - { command: "bunx tailwindcss", trust: standard, reason: "Processes Tailwind CSS" }
    - { command: "bunx postcss", trust: standard, reason: "Processes CSS with PostCSS plugins" }
    - { command: "bunx lint-staged", trust: standard, reason: "Runs linters on staged files" }
    - { command: "bunx tsx", trust: standard, reason: "Runs TypeScript files directly" }
    - { command: "bunx ts-node", trust: standard, reason: "Runs TypeScript files directly" }
    # ── yarn dlx: dev tool invocations ─────────────────────────────────
    # yarn dlx is yarn's equivalent of npx. Same tool list.
    # -- Test runners --
    - { command: "yarn dlx vitest", trust: standard, reason: "Runs tests" }
    - { command: "yarn dlx jest", trust: standard, reason: "Runs tests" }
    - { command: "yarn dlx mocha", trust: standard, reason: "Runs tests" }
    - { command: "yarn dlx playwright", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "yarn dlx cypress", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "yarn dlx ava", trust: standard, reason: "Runs tests" }
    # -- Linters --
    - { command: "yarn dlx eslint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    - { command: "yarn dlx biome", trust: standard, reason: "Lints and formats code" }
    - { command: "yarn dlx stylelint", trust: standard, reason: "Lints CSS and style files" }
    - { command: "yarn dlx markdownlint", trust: standard, reason: "Lints Markdown files" }
    - { command: "yarn dlx oxlint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    # -- Formatters --
    - { command: "yarn dlx prettier", trust: standard, reason: "Formats source files" }
    # -- Type checkers --
    - { command: "yarn dlx tsc", trust: standard, reason: "Type-checks TypeScript code" }
    - { command: "yarn dlx vue-tsc", trust: standard, reason: "Type-checks Vue TypeScript code" }
    - { command: "yarn dlx svelte-check", trust: standard, reason: "Type-checks Svelte code" }
    # -- Build/dev tools --
    - { command: "yarn dlx vite", trust: standard, reason: "Runs the Vite development server or bundler" }
    - { command: "yarn dlx webpack", trust: standard, reason: "Bundles project files" }
    - { command: "yarn dlx rollup", trust: standard, reason: "Bundles project files" }
    - { command: "yarn dlx esbuild", trust: standard, reason: "Bundles project files" }
    - { command: "yarn dlx turbo", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "yarn dlx nx", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "yarn dlx next", trust: standard, reason: "Runs Next.js CLI commands" }
    - { command: "yarn dlx nuxt", trust: standard, reason: "Runs Nuxt CLI commands" }
    - { command: "yarn dlx astro", trust: standard, reason: "Runs Astro CLI commands" }
    - { command: "yarn dlx svelte-kit", trust: standard, reason: "Runs SvelteKit CLI commands" }
    # -- Dev utilities --
    - { command: "yarn dlx storybook", trust: standard, reason: "Runs Storybook component explorer" }
    - { command: "yarn dlx tailwindcss", trust: standard, reason: "Processes Tailwind CSS" }
    - { command: "yarn dlx postcss", trust: standard, reason: "Processes CSS with PostCSS plugins" }
    - { command: "yarn dlx lint-staged", trust: standard, reason: "Runs linters on staged files" }
    - { command: "yarn dlx tsx", trust: standard, reason: "Runs TypeScript files directly" }
    - { command: "yarn dlx ts-node", trust: standard, reason: "Runs TypeScript files directly" }
    # ── yarn exec: specific safe dev tools ────────────────────────────
    # yarn exec is NOT blanket-allowed (can run arbitrary shell commands).
    # Only known-safe dev tools listed; unknown commands get ask via default.
    # -- Test runners --
    - { command: "yarn exec vitest", trust: standard, reason: "Runs tests" }
    - { command: "yarn exec jest", trust: standard, reason: "Runs tests" }
    - { command: "yarn exec mocha", trust: standard, reason: "Runs tests" }
    - { command: "yarn exec playwright", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "yarn exec cypress", trust: standard, reason: "Runs end-to-end tests" }
    - { command: "yarn exec ava", trust: standard, reason: "Runs tests" }
    # -- Linters --
    - { command: "yarn exec eslint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    - { command: "yarn exec biome", trust: standard, reason: "Lints and formats code" }
    - { command: "yarn exec stylelint", trust: standard, reason: "Lints CSS and style files" }
    - { command: "yarn exec markdownlint", trust: standard, reason: "Lints Markdown files" }
    - { command: "yarn exec oxlint", trust: standard, reason: "Lints JavaScript/TypeScript code" }
    # -- Formatters --
    - { command: "yarn exec prettier", trust: standard, reason: "Formats source files" }
    # -- Type checkers --
    - { command: "yarn exec tsc", trust: standard, reason: "Type-checks TypeScript code" }
    - { command: "yarn exec vue-tsc", trust: standard, reason: "Type-checks Vue TypeScript code" }
    - { command: "yarn exec svelte-check", trust: standard, reason: "Type-checks Svelte code" }
    # -- Build/dev tools --
    - { command: "yarn exec vite", trust: standard, reason: "Runs the Vite development server or bundler" }
    - { command: "yarn exec webpack", trust: standard, reason: "Bundles project files" }
    - { command: "yarn exec rollup", trust: standard, reason: "Bundles project files" }
    - { command: "yarn exec esbuild", trust: standard, reason: "Bundles project files" }
    - { command: "yarn exec turbo", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "yarn exec nx", trust: standard, reason: "Runs build tasks across the monorepo" }
    - { command: "yarn exec next", trust: standard, reason: "Runs Next.js CLI commands" }
    - { command: "yarn exec nuxt", trust: standard, reason: "Runs Nuxt CLI commands" }
    - { command: "yarn exec astro", trust: standard, reason: "Runs Astro CLI commands" }
    - { command: "yarn exec svelte-kit", trust: standard, reason: "Runs SvelteKit CLI commands" }
    # -- Dev utilities --
    - { command: "yarn exec storybook", trust: standard, reason: "Runs Storybook component explorer" }
    - { command: "yarn exec tailwindcss", trust: standard, reason: "Processes Tailwind CSS" }
    - { command: "yarn exec postcss", trust: standard, reason: "Processes CSS with PostCSS plugins" }
    - { command: "yarn exec lint-staged", trust: standard, reason: "Runs linters on staged files" }
    - { command: "yarn exec tsx", trust: standard, reason: "Runs TypeScript files directly" }
    - { command: "yarn exec ts-node", trust: standard, reason: "Runs TypeScript files directly" }

rules: []