safe-chains 0.197.0

Auto-allow safe bash commands in agentic coding tools
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

[[command]]
name = "yes"
aliases = ["gyes"]
description = "Repeatedly prints a string (default: 'y') to stdout until killed. Pure stdout producer; no filesystem writes, no network. POSIX/coreutils; frozen surface."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#yes-invocation"
researched_version = "GNU coreutils 9.7"
level = "Inert"
bare = true
standalone = ["--help", "--version"]

[[command]]
name = "tee"
aliases = ["gtee"]
description = "Reads from stdin and writes to stdout AND to each named file. Writes local files only (does not access network or invoke other programs). -a/--append extends rather than truncates. Part of GNU coreutils; surface frozen for decades."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#tee-invocation"
researched_version = "GNU coreutils 9.7"
level = "SafeWrite"
bare = true
standalone = [
    "--append", "--help", "--ignore-interrupts", "--output-error",
    "--version",
    "-a", "-i", "-p",
]

[[command]]
name = "tsort"
aliases = ["gtsort"]
description = "Performs topological sort on whitespace-separated pairs of names from stdin or a file. Pure read-only computation; writes ordered output to stdout. POSIX/coreutils."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#tsort-invocation"
researched_version = "GNU coreutils 9.7"
level = "Inert"
bare = true
max_positional = 1
standalone = ["--help", "--version"]

[[command]]
name = "nohup"
aliases = ["gnohup"]
description = "Runs a command immune to SIGHUP, redirecting stdout/stderr to nohup.out (or specified file) if attached to a terminal. Wraps an inner command; safety depends on the inner command. POSIX/coreutils."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#nohup-invocation"
researched_version = "GNU coreutils 9.7"
[command.wrapper]
standalone = ["--help", "--version"]

[[command]]
name = "join"
aliases = ["gjoin"]
description = "Performs a relational join on two sorted files based on a common field. Read-only: reads both files and writes joined records to stdout. POSIX/coreutils; surface frozen."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#join-invocation"
researched_version = "GNU coreutils 9.7"
level = "Inert"
bare = false
standalone = [
    "--check-order", "--header", "--help", "--ignore-case",
    "--nocheck-order", "--version", "--zero-terminated",
    "-V", "-h", "-i", "-z",
]
valued = [
    "--empty", "--output-delimiter",
    "-1", "-2", "-a", "-e", "-j", "-o", "-t", "-v",
]

[[command]]
name = "dircolors"
aliases = ["gdircolors"]
description = "Outputs shell commands to set LS_COLORS from a configuration file or built-in defaults. Pure stdout producer; no filesystem writes. Coreutils."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#dircolors-invocation"
researched_version = "GNU coreutils 9.7"
level = "Inert"
bare = true
standalone = [
    "--bourne-shell", "--c-shell", "--csh", "--help", "--print-database",
    "--print-ls-colors", "--sh", "--version",
    "-V", "-b", "-c", "-h", "-p",
]

[[command]]
name = "shred"
aliases = ["gshred"]
description = "Overwrites files repeatedly to make recovery harder, optionally removing them. Destructive local-filesystem write; safety level reflects that. -u removes the file after overwriting. Coreutils."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#shred-invocation"
researched_version = "GNU coreutils 9.7"
level = "SafeWrite"
bare = false
standalone = [
    "--exact", "--force", "--help", "--remove", "--verbose",
    "--version", "--zero",
    "-f", "-u", "-v", "-x", "-z",
]
valued = ["--iterations", "--random-source", "--size", "-n", "-s"]

[[command]]
name = "ptx"
aliases = ["gptx"]
description = "Produces a permuted (KWIC) index of input. Read-only filter to stdout. Coreutils; frozen surface."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#ptx-invocation"
researched_version = "GNU coreutils 9.7"
level = "Inert"
bare = true
standalone = [
    "--auto-reference", "--flag-truncation", "--help",
    "--ignore-case", "--references", "--version",
    "-A", "-G", "-O", "-T", "-f", "-r",
]
valued = [
    "--break-file", "--gap-size", "--ignore-file",
    "--macro-name", "--only-file", "--sentence-regexp",
    "--width", "--word-regexp", "--format",
    "-F", "-M", "-S", "-W", "-b", "-g", "-i", "-o", "-w",
]

[[command]]
name = "pr"
aliases = ["gpr"]
description = "Paginates and formats text for printing, with options for headers, columns, line numbering, and double-spacing. Read-only filter to stdout. Coreutils."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#pr-invocation"
researched_version = "GNU coreutils 9.7"
level = "Inert"
bare = true
tolerate_unknown_short = true
standalone = [
    "--double-space", "--expand-tabs", "--first-line-number", "--form-feed",
    "--help", "--join-lines", "--merge", "--no-file-warnings",
    "--number-lines", "--omit-header", "--omit-pagination",
    "--page-width", "--pages", "--show-control-chars",
    "--show-nonprinting", "--show-tabs", "--version",
    "-F", "-J", "-T", "-V", "-d", "-f", "-h", "-l", "-m", "-r", "-t", "-v",
]
valued = [
    "--columns", "--header", "--indent", "--length",
    "--separator", "--sep-string", "--width",
    "-N", "-S", "-W", "-e", "-i", "-n", "-o", "-s", "-w",
]

[[command]]
name = "stdbuf"
description = "Runs an inner command with adjusted stdio buffering. The wrapper itself only sets buffering; safety depends on the inner command. Coreutils."
url = "https://www.gnu.org/software/coreutils/manual/coreutils.html#stdbuf-invocation"
researched_version = "GNU coreutils 9.7"
[command.wrapper]
standalone = ["--help", "--version"]
valued = ["--error", "--input", "--output", "-e", "-i", "-o"]

[[command]]
name = "tput"
description = "Looks up terminfo capabilities and outputs the corresponding escape sequence or numeric value. Read-only terminfo lookup; writes the result to stdout. ncurses utility, very stable."
url = "https://man7.org/linux/man-pages/man1/tput.1.html"
researched_version = "ncurses 6.x"
level = "Inert"
bare = false
tolerate_unknown_short = true
standalone = ["-S", "-V"]
valued = ["-T"]

[[command]]
name = "ul"
description = "Translates underscores and backspaces in input into the terminal's underline sequences. Read-only stdin-to-stdout filter; never modifies files. util-linux."
url = "https://man7.org/linux/man-pages/man1/ul.1.html"
researched_version = "util-linux 2.40"
level = "Inert"
bare = true
standalone = ["--help", "--version", "-V", "-h", "-i"]
valued = ["--terminal", "-t"]