-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.dippy
More file actions
39 lines (35 loc) · 970 Bytes
/
.dippy
File metadata and controls
39 lines (35 loc) · 970 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# .dippy
# Let normal read / inspect commands flow
allow ls
allow pwd
allow cat
allow sed
allow grep
allow rg
allow find
allow jq
# allow git workflow
allow git status
allow git diff
allow git log
allow git add
allow git add -p
allow git commit
allow git show
allow git restore --staged
# Let normal monorepo validation commands flow
allow pnpm --filter * typecheck
allow pnpm --filter * test
allow pnpm --filter * lint
allow pnpm biome *
allow pnpm tsc *
allow pnpm vitest *
allow pnpm jest *
# Keep obviously risky things gated
deny rm -rf "Use trash or ask first before deleting recursively"
deny git push --force "Force push requires review"
deny git reset --hard "Hard reset requires review"
deny pnpm publish "Publishing should always be confirmed"
deny npm publish "Publishing should always be confirmed"
deny-redirect **/.env* "Never write secrets into env files automatically"
deny-redirect **/.env.local* "Never write secrets into env files automatically"