fix: safety gate defaults to no, fix gemini CLI syntax

Change prompt default from Y to N so users must explicitly opt in.
Fix gemini command to use -p flag for non-interactive stdin mode.
Consolidate review prompt text into a variable.

Closes: #11

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Flo
2026-03-30 23:51:27 +02:00
parent 6dd2e6aec8
commit e7c29c62c3


@@ -944,16 +944,13 @@ safety_review_gate() {
printf ' Before running scripts that modify your system configuration,\n' >&2 printf ' Before running scripts that modify your system configuration,\n' >&2
printf ' you should review them with a tool you trust.\n\n' >&2 printf ' you should review them with a tool you trust.\n\n' >&2
if ! prompt_yn "Have you reviewed this script (or had an AI assistant review it) for safety?"; then if ! prompt_yn "Have you reviewed this script (or had an AI assistant review it) for safety?" "n"; then
local review_prompt="Review this shell script for security issues. Check that it only modifies git and SSH config, makes no network calls, and does not exfiltrate data. List every file it writes to."
printf '\n You can review this script by piping it to an AI coding assistant:\n\n' >&2 printf '\n You can review this script by piping it to an AI coding assistant:\n\n' >&2
printf ' %bClaude Code:%b\n' "$BOLD" "$RESET" >&2 printf ' %bClaude Code:%b\n' "$BOLD" "$RESET" >&2
printf ' cat "%s" | claude "Review this shell script for security issues.\n' "$script_path" >&2 printf ' cat "%s" | claude "%s"\n\n' "$script_path" "$review_prompt" >&2
printf ' Check that it only modifies git and SSH config, makes no network\n' >&2
printf ' calls, and does not exfiltrate data. List every file it writes to."\n\n' >&2
printf ' %bGemini CLI:%b\n' "$BOLD" "$RESET" >&2 printf ' %bGemini CLI:%b\n' "$BOLD" "$RESET" >&2
printf ' cat "%s" | gemini "Review this shell script for security issues.\n' "$script_path" >&2 printf ' cat "%s" | gemini -p "%s"\n\n' "$script_path" "$review_prompt" >&2
printf ' Check that it only modifies git and SSH config, makes no network\n' >&2
printf ' calls, and does not exfiltrate data. List every file it writes to."\n\n' >&2
printf ' %bManual review:%b\n' "$BOLD" "$RESET" >&2 printf ' %bManual review:%b\n' "$BOLD" "$RESET" >&2
printf ' less "%s"\n\n' "$script_path" >&2 printf ' less "%s"\n\n' "$script_path" >&2
exit 0 exit 0