Mirrors the hook + script from `fai/platform`@1ebf893 verbatim so commits to fai_studio go through the same gate: secrets, forbidden filenames, confidentiality references, marketing- speak, DCO sign-off, Conventional Commits subject, no Claude co-author trailer. A `.security-allow` file at the repo root extends the script's universal excludes with three Studio-specific paths whose content legitimately includes the filtered terms — the Today-Hero proposal pipeline (LLM prompt + accept gate), its runtime loader equivalent, and its operator-facing policy doc. No CI mirror yet — Studio doesn't have a Forgejo workflow (Flutter-on-DinD is a chunk of work). The local hook is the gate for now; CI mirror follows when Flutter CI lands. Activate once with `bash tools/install-hooks.sh`. Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
6 lines
350 B
Bash
Executable file
6 lines
350 B
Bash
Executable file
#!/usr/bin/env bash
|
|
# F∆I Platform — pre-commit hook.
|
|
# Activated via `tools/install-hooks.sh` (sets core.hooksPath=.githooks).
|
|
# Scans staged files for secrets, banned phrases, forbidden filenames.
|
|
# Same script runs in Forgejo CI — see .forgejo/workflows/ci.yml.
|
|
exec "$(git rev-parse --show-toplevel)/tools/security/check-staged.sh" content
|