safe-chains 0.127.0

Auto-allow safe, read-only bash commands in agentic coding tools
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

[[command]]
name = "go"
url = "https://pkg.go.dev/cmd/go"
bare_flags = ["--help", "--version", "-V", "-h"]

[[command.sub]]
name = "build"
level = "SafeWrite"
bare = false
standalone = [
    "--help",
    "-a", "-asan", "-cover", "-h", "-linkshared", "-modcacherw",
    "-msan", "-n", "-race", "-trimpath", "-v", "-work", "-x",
]
valued = [
    "-asmflags", "-buildmode", "-buildvcs", "-compiler", "-covermode",
    "-coverpkg", "-gccgoflags", "-gcflags", "-installsuffix",
    "-ldflags", "-mod", "-modfile", "-o", "-overlay", "-p",
    "-pgo", "-pkgdir", "-tags",
]

[[command.sub]]
name = "doc"
standalone = ["--help", "-all", "-c", "-cmd", "-h", "-short", "-src", "-u"]

[[command.sub]]
name = "env"
standalone = ["--help", "-h", "-json"]

[[command.sub]]
name = "help"
allow_all = true

[[command.sub]]
name = "list"
standalone = [
    "--help",
    "-a", "-asan", "-compiled", "-cover", "-deps", "-e", "-export",
    "-find", "-h", "-linkshared", "-m", "-modcacherw", "-msan", "-n",
    "-race", "-retract", "-test", "-trimpath", "-u", "-v",
    "-versions", "-work", "-x",
]
valued = [
    "-asmflags", "-buildmode", "-buildvcs", "-compiler", "-covermode",
    "-coverpkg", "-f", "-gccgoflags", "-gcflags", "-installsuffix",
    "-json", "-ldflags", "-mod", "-modfile", "-overlay", "-p",
    "-pgo", "-pkgdir", "-reuse", "-tags",
]

[[command.sub]]
name = "test"
level = "SafeRead"
bare = false
standalone = [
    "--help",
    "-a", "-asan", "-benchmem", "-cover", "-failfast", "-h", "-json",
    "-linkshared", "-modcacherw", "-msan", "-n", "-race",
    "-short", "-trimpath", "-v", "-work", "-x",
]
valued = [
    "-asmflags", "-bench", "-benchtime", "-blockprofile",
    "-blockprofilerate", "-buildmode", "-buildvcs", "-compiler",
    "-count", "-covermode", "-coverpkg", "-coverprofile",
    "-cpu", "-cpuprofile", "-fuzz", "-fuzzminimizetime", "-fuzztime",
    "-gccgoflags", "-gcflags", "-installsuffix",
    "-ldflags", "-list", "-memprofile", "-memprofilerate",
    "-mod", "-modfile", "-mutexprofile", "-mutexprofilefraction",
    "-o", "-outputdir", "-overlay", "-p", "-parallel",
    "-pgo", "-pkgdir", "-run", "-shuffle", "-skip",
    "-tags", "-timeout", "-trace",
]

[[command.sub]]
name = "version"
standalone = ["--help", "-h", "-m", "-v"]

[[command.sub]]
name = "vet"
level = "SafeRead"
standalone = [
    "--help",
    "-a", "-asan", "-cover", "-h", "-json", "-linkshared", "-modcacherw",
    "-msan", "-n", "-race", "-trimpath", "-v", "-work", "-x",
]
valued = [
    "-asmflags", "-buildmode", "-buildvcs", "-c", "-compiler",
    "-covermode", "-coverpkg", "-gccgoflags", "-gcflags",
    "-installsuffix", "-ldflags", "-mod", "-modfile", "-overlay",
    "-p", "-pgo", "-pkgdir", "-tags",
]