From e7c29c62c32b177269b536797e5794f12f8523b6 Mon Sep 17 00:00:00 2001
From: Flo
Date: Mon, 30 Mar 2026 23:51:27 +0200
Subject: [PATCH] fix: safety gate defaults to no, fix gemini CLI syntax
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change prompt default from Y to N so users must explicitly opt in. Fix gemini command to use -p flag for non-interactive stdin mode. Consolidate review prompt text into a variable.
Closes: #11
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
git-harden.sh | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/git-harden.sh b/git-harden.sh
index 7236f31..2ae25fc 100755
--- a/git-harden.sh
+++ b/git-harden.sh
@@ -944,16 +944,13 @@ safety_review_gate() {
 printf ' Before running scripts that modify your system configuration,\n' >&2
 printf ' you should review them with a tool you trust.\n\n' >&2
- if ! prompt_yn "Have you reviewed this script (or had an AI assistant review it) for safety?"; then
+ if ! prompt_yn "Have you reviewed this script (or had an AI assistant review it) for safety?" "n"; then
+ local review_prompt="Review this shell script for security issues. Check that it only modifies git and SSH config, makes no network calls, and does not exfiltrate data. List every file it writes to."
 printf '\n You can review this script by piping it to an AI coding assistant:\n\n' >&2
 printf ' %bClaude Code:%b\n' "$BOLD" "$RESET" >&2
- printf ' cat "%s" | claude "Review this shell script for security issues.\n' "$script_path" >&2
- printf ' Check that it only modifies git and SSH config, makes no network\n' >&2
- printf ' calls, and does not exfiltrate data. List every file it writes to."\n\n' >&2
+ printf ' cat "%s" | claude "%s"\n\n' "$script_path" "$review_prompt" >&2
 printf ' %bGemini CLI:%b\n' "$BOLD" "$RESET" >&2
- printf ' cat "%s" | gemini "Review this shell script for security issues.\n' "$script_path" >&2
- printf ' Check that it only modifies git and SSH config, makes no network\n' >&2
- printf ' calls, and does not exfiltrate data. List every file it writes to."\n\n' >&2
+ printf ' cat "%s" | gemini -p "%s"\n\n' "$script_path" "$review_prompt" >&2
 printf ' %bManual review:%b\n' "$BOLD" "$RESET" >&2
 printf ' less "%s"\n\n' "$script_path" >&2
 exit 0
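Review bot: The Claude Code suggestion still passes the prompt as a bare argument (`cat "%s" | claude "%s"`) while the Gemini line was changed to `gemini -p "%s"`; if Claude Code likewise needs `-p` to run non-interactively on piped stdin, as the commit message says Gemini does, the two printed commands should match, e.g. `printf '    cat "%s" | claude -p "%s"\n\n' "$script_path" "$review_prompt" >&2` — the CLI flag cannot be confirmed from this hunk. Separately, now that the gate defaults to "n", an unattended run (no TTY, or Enter pressed) will presumably take this branch and reach the pre-existing `exit 0`, so a wrapper or CI job sees success although nothing was hardened; a non-zero status such as `exit 1` would make the declined gate visible, subject to how prompt_yn treats missing input. safety_review_gate() begins before this hunk.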