Mirrors the hook + script from `fai/platform`@1ebf893 verbatim so commits to fai_studio go through the same gate: secrets, forbidden filenames, confidentiality references, marketing- speak, DCO sign-off, Conventional Commits subject, no Claude co-author trailer. A `.security-allow` file at the repo root extends the script's universal excludes with three Studio-specific paths whose content legitimately includes the filtered terms — the Today-Hero proposal pipeline (LLM prompt + accept gate), its runtime loader equivalent, and its operator-facing policy doc. No CI mirror yet — Studio doesn't have a Forgejo workflow (Flutter-on-DinD is a chunk of work). The local hook is the gate for now; CI mirror follows when Flutter CI lands. Activate once with `bash tools/install-hooks.sh`. Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
15 lines
811 B
Text
15 lines
811 B
Text
# Studio-specific paths that legitimately mention banned phrases or
|
|
# confidentiality terms, beyond the universal `tools/security/` and
|
|
# `.githooks/` excludes baked into the security script.
|
|
#
|
|
# `tools/today/` — the Today-Hero proposal pipeline runs an LLM under
|
|
# a prompt that explicitly lists banned words; the
|
|
# accept-script implements a banned-words gate. Both
|
|
# files MUST contain the verbatim words.
|
|
# `lib/data/today_story_loader.dart` — the runtime banned-words gate
|
|
# that double-checks accepted stories at load time.
|
|
# `docs/today-pipeline.md` — the operator-facing policy doc that
|
|
# documents the gate, including the verbatim list.
|
|
tools/today/
|
|
lib/data/today_story_loader.dart
|
|
docs/today-pipeline.md
|