From e61b591ccf4988b9d3faf7c4a7b818754543ae47 Mon Sep 17 00:00:00 2001 From: Michael Mayer Date: Sun, 10 May 2026 12:20:30 +0000 Subject: [PATCH] Rules: Note subrepo committer-identity workaround in safety rule --- .claude/rules/safety-and-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.claude/rules/safety-and-security.md b/.claude/rules/safety-and-security.md index f73f9edd2..a029bf500 100644 --- a/.claude/rules/safety-and-security.md +++ b/.claude/rules/safety-and-security.md @@ -1,7 +1,7 @@ ## Safety & Data - If `git status` shows unexpected changes, assume a human might be editing; ask before using reset commands like `git checkout` or `git reset`. -- Do not run `git config` (global or repo-level); changing Git configuration is prohibited for agents. +- Do not run `git config` (global or repo-level); changing Git configuration is prohibited for agents. Nested subrepos (e.g. `specs/`) may lack a configured committer identity — pass `-c user.email=… -c user.name=…` to the specific `git commit` invocation rather than configuring the repo. - Do not run destructive commands against production data. Prefer ephemeral volumes and test fixtures for acceptance tests. - Never commit secrets, local configurations, or cache files. Use environment variables or a local `.env`. Ensure `.env`, `.config`, `.local`, `.codex`, and `.gocache` are in `.gitignore` and `.dockerignore`. - Prefer existing caches, workers, and batching strategies in code and `Makefile`. Consider memory/CPU impact of changes; only suggest benchmarks or profiling when justified.