- Add githooks/README.md with step-by-step symlink instructions
- Explain git config core.hooksPath setup and usage
- Document bypass and what the hook checks
- Completes acceptance criterion #4 for #338

Closes #338
Git Hooks
Pre-commit hooks extracted from the hermes-agent fork. These hooks run automated checks before each commit.
Installation
To use these hooks in any repository, set the core.hooksPath to this directory:
git config core.hooksPath /path/to/timmy-config/hermes-sovereign/githooks
The path should be absolute or relative to the repository root. For example, if timmy-config is cloned alongside your project:
# From your project root
git config core.hooksPath ../timmy-config/hermes-sovereign/githooks
Once configured, Git will execute the hooks from this directory whenever you run git commit in that repository.
Hooks
| Hook | Description |
|---|---|
| pre-commit | Wrapper that invokes pre-commit.py for secret leak detection |
| pre-commit.py | Scans staged diffs and file contents for secrets, tokens, private keys, and credential patterns |
Bypass
To skip hooks for a single commit (use sparingly):
git commit --no-verify -m "Your message"
What the Hook Checks
The pre-commit hook scans staged changes for:
- API tokens and service keys
- Private keys and certificates
- Hardcoded credentials and passwords
- Known secret file paths and patterns
If a potential secret is detected, the commit is blocked and a Finding is printed to stderr.
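The kind of check described above, as an added example that is not the project's pre-commit.py: it walks the staged diff, tracks file and line numbers from the hunk headers, and reports added lines that match a rule without echoing the matched value. The two rules, the names `PATTERNS`, `HUNK`, `SAMPLE_DIFF` and `scan_diff`, and the output format are assumptions.

```python
import re
import subprocess
import sys

# Illustrative rules (assumption); the real pre-commit.py rule set is not shown on this page.
PATTERNS = {
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
    "credential": re.compile(r"(?i)(?:password|secret|api_?key|token)\s*[:=]\s*['\"][^'\"\s]{8,}['\"]"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample of `git diff --cached` output; all values are placeholders.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10 +10,2 @@
 DB_HOST = "localhost"
+DB_PASSWORD = "constructed-example-pw"
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""

def scan_diff(diff_text):
    """Return (path, line_no, rule) for each added line that matches a rule."""
    findings, path, line_no, in_header = [], None, 0, True
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_header = True  # file header lines follow until the first hunk
        elif in_header and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            line_no, in_header = int(m.group(1)), False
        elif line.startswith("+"):  # added line: the only kind that can introduce a secret
            findings += [(path, line_no, r) for r, rx in PATTERNS.items() if rx.search(line[1:])]
            line_no += 1
        elif line.startswith(" "):  # context line: advances the new-file line counter
            line_no += 1
    return findings

if __name__ == "__main__":
    staged = subprocess.run(["git", "diff", "--cached", "--no-color"],
                            capture_output=True, text=True, check=True).stdout
    hits = scan_diff(staged)
    for path, line_no, rule in hits:
        print(f"Finding: {path}:{line_no} [{rule}]", file=sys.stderr)  # location only, not the value
    sys.exit(1 if hits else 0)  # non-zero exit blocks the commit
```

Removed lines are ignored on purpose: a secret that is being deleted is already in history and needs rotation, not a blocked commit.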
Updating
Commit changes to this directory directly in timmy-config. Any repository whose core.hooksPath points here picks up updates automatically the next time its copy of this directory is pulled, because Git reads the hooks fresh on each commit.