a4e667de10
Single-commit clean baseline after security scrub of niche-tells, project codenames, internal jargon, and contributor-email leaks. Contents: - 100 Rust crates (_primitives/_rust/) - 37 agent manifests (_manifests/) + generated specs (_generated/) - 67 user-invocable skills (skills/) - 33 hooks (hooks/) - Composition blocks (_blocks/) - Documentation (docs/, README.md) - TS adapter packages (_ts_packages/) - Assembler (_assembler/) - Roles (_roles/) - Templates (_templates/) - Forgejo CI (.forgejo/) Author: Denis Parfionovich <info@greendragon.info> License: see LICENSE.
1.2 KiB
Bash — allowlist gate
You MAY use Bash, but only for commands that match this allowlist.
Anything else is blocked at the gate.
Default-allowed command prefixes:
cargo ...— build, check, test, fmt, clippy, runrustc ...— direct compilation probesrustup ...— toolchain inspectionmkdir ...— create directories inside the worktreels ...— directory listingpwd— print working directoryrm -rf /tmp/...— cleanup under/tmponly
Everything else is denied, including (non-exhaustive): git,
gh, curl, wget, npm, pip, python, node, bash -c,
sudo, sh, env VAR=..., docker, kubectl, ssh, scp,
process-tree manipulation, and compound commands that chain an
allowed prefix with a denied one via ;, &&, ||, or pipes.
The gate inspects the full command string. Do not try to hide a
denied call behind a heredoc, variable expansion, or xargs. If
you need a tool that is not on the allowlist, STOP and describe
the need in your return — the orchestrator will either widen the
role or handle the step directly.
Prefer dedicated tools over Bash whenever possible: Read/Write
for files, Glob/Grep for search.