mirror of
https://github.com/dense-analysis/ale.git
synced 2026-05-17 22:09:47 +08:00
Add Codex configuration blocking git writes
CI / Build (push) Has been cancelled
CI / Neovim 0.10 Windows (push) Has been cancelled
CI / Neovim 0.12 Windows (push) Has been cancelled
CI / Vim 8.2 Windows (push) Has been cancelled
CI / Vim 9.2 Windows (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Lua (push) Has been cancelled
CI / Neovim 0.10 Linux (push) Has been cancelled
CI / Neovim 0.12 Linux (push) Has been cancelled
CI / Vim 8.2 Linux (push) Has been cancelled
CI / Vim 9.2 Linux (push) Has been cancelled
CI / Build (push) Has been cancelled
CI / Neovim 0.10 Windows (push) Has been cancelled
CI / Neovim 0.12 Windows (push) Has been cancelled
CI / Vim 8.2 Windows (push) Has been cancelled
CI / Vim 9.2 Windows (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Lua (push) Has been cancelled
CI / Neovim 0.10 Linux (push) Has been cancelled
CI / Neovim 0.12 Linux (push) Has been cancelled
CI / Vim 8.2 Linux (push) Has been cancelled
CI / Vim 9.2 Linux (push) Has been cancelled
This commit is contained in:
w0rp
@@ -0,0 +1,90 @@
|
||||
# Forbid Codex from changing Git repository state in this project.
|
||||
#
|
||||
# Read-only Git inspection, such as `git status`, `git diff`, `git log`, and
|
||||
# `git show`, is intentionally not matched by this policy.
|
||||
|
||||
prefix_rule(
|
||||
pattern = ["git", [
|
||||
"add",
|
||||
"am",
|
||||
"apply",
|
||||
"bisect",
|
||||
"branch",
|
||||
"checkout",
|
||||
"cherry-pick",
|
||||
"clean",
|
||||
"commit",
|
||||
"fetch",
|
||||
"merge",
|
||||
"mv",
|
||||
"notes",
|
||||
"pull",
|
||||
"push",
|
||||
"rebase",
|
||||
"reflog",
|
||||
"replace",
|
||||
"reset",
|
||||
"restore",
|
||||
"revert",
|
||||
"rm",
|
||||
"stash",
|
||||
"submodule",
|
||||
"switch",
|
||||
"tag",
|
||||
"update-index",
|
||||
"update-ref",
|
||||
"worktree",
|
||||
]],
|
||||
decision = "forbidden",
|
||||
justification = "Git commands that change the index, refs, branches, remotes, commits, or working tree are reserved for the user.",
|
||||
match = [
|
||||
"git add .",
|
||||
"git commit -m test",
|
||||
"git pull --rebase",
|
||||
"git reset --hard HEAD",
|
||||
"git restore --staged AGENTS.md",
|
||||
],
|
||||
not_match = [
|
||||
"git diff -- AGENTS.md",
|
||||
"git log --oneline -5",
|
||||
"git show HEAD",
|
||||
"git status --short",
|
||||
],
|
||||
)
|
||||
|
||||
prefix_rule(
|
||||
pattern = ["git", [
|
||||
"-C",
|
||||
"-c",
|
||||
"--bare",
|
||||
"--config-env",
|
||||
"--exec-path",
|
||||
"--git-dir",
|
||||
"--git-dir=.git",
|
||||
"--git-dir=/home/w0rp/ale/.git",
|
||||
"--namespace",
|
||||
"--no-optional-locks",
|
||||
"--no-pager",
|
||||
"--paginate",
|
||||
"-P",
|
||||
"--super-prefix",
|
||||
"--work-tree",
|
||||
"--work-tree=.",
|
||||
"--work-tree=/home/w0rp/ale",
|
||||
]],
|
||||
decision = "forbidden",
|
||||
justification = "Git global options can obscure or bypass repository state changes; run read-only Git commands from the repository root instead.",
|
||||
match = [
|
||||
"git -C /home/w0rp/ale status --short",
|
||||
"git --git-dir .git status",
|
||||
"git --git-dir=.git status",
|
||||
"git --no-pager add .",
|
||||
"git --work-tree . status",
|
||||
],
|
||||
not_match = [
|
||||
"git diff -- AGENTS.md",
|
||||
"git log --oneline -5",
|
||||
"git show HEAD",
|
||||
"git status --short",
|
||||
],
|
||||
)
|
||||
Reference in New Issue
Block a user