safe-chains 0.185.0

Auto-allow safe bash commands in agentic coding tools
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

[[command]]
name = "pre-commit"
description = "Multi-language framework for managing pre-commit / pre-push / commit-msg hooks. install writes git hook scripts into .git/hooks/ that delegate to pre-commit on commit. uninstall removes them. autoupdate rewrites .pre-commit-config.yaml with newer hook revisions (network — fetches each repo's tags). gc cleans unused hooks from the cache. clean removes the entire pre-commit cache. validate-config and validate-manifest are read-only schema checks. sample-config prints a default config to stdout. run, hook-impl, try-repo, init-templatedir, migrate-config all execute hook commands or modify config files — those are not part of the safe surface."
url = "https://pre-commit.com/"
researched_version = "pre-commit 4.x"
bare_flags = ["--help", "--version", "-h"]

[[command.sub]]
name = "install"
level = "SafeWrite"
bare = true
standalone = [
    "--allow-missing-config", "--config",
    "--help", "--install-hooks", "--overwrite",
    "-c", "-f", "-h",
]
valued = ["--hook-type", "-t"]

[[command.sub]]
name = "uninstall"
level = "SafeWrite"
bare = true
standalone = ["--config", "--help", "-c", "-h"]
valued = ["--hook-type", "-t"]

[[command.sub]]
name = "install-hooks"
level = "SafeWrite"
bare = true
standalone = ["--config", "--help", "-c", "-h"]

[[command.sub]]
name = "autoupdate"
level = "SafeWrite"
bare = true
standalone = [
    "--bleeding-edge", "--config",
    "--dry-run", "--freeze",
    "--help", "--jobs",
    "-c", "-h", "-j",
]
valued = ["--repo"]

[[command.sub]]
name = "validate-config"
level = "SafeRead"
bare = false
tolerate_unknown_short = true
standalone = ["--help", "-h"]

[[command.sub]]
name = "validate-manifest"
level = "SafeRead"
bare = false
tolerate_unknown_short = true
standalone = ["--help", "-h"]

[[command.sub]]
name = "sample-config"
level = "SafeRead"
bare = true
standalone = ["--help", "-h"]

[[command.sub]]
name = "gc"
level = "SafeWrite"
bare = true
standalone = ["--help", "-h"]

[[command.sub]]
name = "clean"
level = "SafeWrite"
bare = true
standalone = ["--help", "-h"]

[[command.sub]]
name = "help"
allow_all = true

[[command.sub]]
name = "run"
candidate = true

[[command.sub]]
name = "hook-impl"
candidate = true

[[command.sub]]
name = "try-repo"
candidate = true

[[command.sub]]
name = "init-templatedir"
candidate = true

[[command.sub]]
name = "migrate-config"
candidate = true