safe-chains 0.136.0

Auto-allow safe bash commands in agentic coding tools
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

[[command]]
name = "dotnet"
description = "Unified CLI for the .NET platform covering project creation, building, testing, publishing, and package management. build and test compile and execute code, meaning they run arbitrary user-authored code (test especially, since test projects can do anything a normal program can). list is read-only, querying local package metadata. publish, run, and pack (not listed here) can produce artifacts or execute code. The CLI is network-aware: restore and publish reach out to NuGet feeds. Microsoft ships a major .NET release annually each November with monthly servicing patches; new CLI subcommands (e.g. dotnet tool exec in .NET 10) and flags are added with each major version."
url = "https://learn.microsoft.com/en-us/dotnet/core/tools/"
bare_flags = ["--help", "--info", "--list-runtimes", "--list-sdks", "--version", "-V", "-h"]

[[command.sub]]
name = "build"
level = "SafeWrite"
standalone = [
    "--force", "--help", "--no-dependencies", "--no-incremental",
    "--no-restore", "--nologo", "--self-contained",
    "--tl", "--use-current-runtime",
    "-h",
]
valued = [
    "--arch", "--artifacts-path", "--configuration", "--framework",
    "--os", "--output", "--property", "--runtime", "--source",
    "--verbosity", "--version-suffix",
    "-a", "-c", "-f", "-o", "-p", "-r", "-s", "-v",
]

[[command.sub]]
name = "list"
standalone = [
    "--deprecated", "--help", "--highest-minor", "--highest-patch",
    "--include-prerelease", "--include-transitive", "--outdated",
    "--vulnerable",
    "-h",
]
valued = [
    "--config", "--format", "--framework", "--source", "--verbosity",
    "-v",
]

[[command.sub]]
name = "test"
level = "SafeRead"
standalone = [
    "--blame", "--blame-crash", "--blame-hang", "--force",
    "--help", "--list-tests", "--no-build", "--no-dependencies",
    "--no-restore", "--nologo",
    "-h",
]
valued = [
    "--arch", "--artifacts-path", "--blame-crash-collect-always",
    "--blame-crash-dump-type", "--blame-hang-dump-type",
    "--blame-hang-timeout", "--collect", "--configuration",
    "--diag", "--environment", "--filter", "--framework",
    "--logger", "--os", "--output", "--property",
    "--results-directory", "--runtime", "--settings",
    "--test-adapter-path", "--verbosity",
    "-a", "-c", "-d", "-e", "-f", "-l", "-o", "-r", "-s", "-v",
]