git

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2026 License: MIT Imports: 2 Imported by: 0

Documentation

Overview

Package git implements the "safe git" wrapper: it parses a git argv and reports known-dangerous invocations so the command layer can refuse them.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Check

func Check(argv []string) []safe.Violation

Check parses argv and returns a safe.Violation for every matched rule, in Rules() order. A nil/empty result means the invocation is allowed. (internal/safe/git imports internal/safe; safe does not import git, so there is no package cycle.)

Types

type GlobalOpt

type GlobalOpt struct {
	Name  string
	Value string
}

GlobalOpt is a git global option appearing before the subcommand, e.g. {Name: "-c", Value: "core.hooksPath=/dev/null"} or {Name: "-p"}.

type Invocation

type Invocation struct {
	Global     []GlobalOpt
	Subcommand string
	Args       []string
}

Invocation is a git command line split into its global options, the subcommand, and the subcommand's own arguments (flags and positionals).

func Parse

func Parse(argv []string) Invocation

Parse splits argv into global options followed by the first non-global token (the subcommand) and its remaining args.

type Rule

type Rule struct {
	ID      string
	Message string
	Match   func(inv Invocation) bool
}

Rule is one entry in the semantic denylist. Match reports whether the parsed invocation is refused; Message is the human-readable reason surfaced to the user; ID is a stable key for tests and diagnostics.

func Rules

func Rules() []Rule

Rules returns the semantic denylist, a port of the agent-sandbox.toml git drop patterns with two deliberate differences: --force-with-lease is allowed, and -c hook/signature bypasses are detected.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL