chain-studio/.githooks/commit-msg
flemming-it 01f3f773cf ci(hooks): pre-commit security check (mirror of fai/platform)
Mirrors the hook + script from `fai/platform`@1ebf893 verbatim
so commits to fai_studio go through the same gate: secrets,
forbidden filenames, confidentiality references, marketing-
speak, DCO sign-off, Conventional Commits subject, no Claude
co-author trailer.

A `.security-allow` file at the repo root extends the script's
universal excludes with three Studio-specific paths whose
content legitimately includes the filtered terms — the
Today-Hero proposal pipeline (LLM prompt + accept gate), its
runtime loader equivalent, and its operator-facing policy doc.

No CI mirror yet — Studio doesn't have a Forgejo workflow
(Flutter-on-DinD is a chunk of work). The local hook is the
gate for now; CI mirror follows when Flutter CI lands.

Activate once with `bash tools/install-hooks.sh`.

Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
2026-05-09 13:32:26 +02:00

5 lines
268 B
Bash
Executable file

#!/usr/bin/env bash
# F∆I Platform — commit-msg hook.
# Validates the commit message: Conventional Commits subject, DCO
# sign-off, no Claude co-author trailer, no banned phrases.
exec "$(git rev-parse --show-toplevel)/tools/security/check-staged.sh" message "$1"