Concern (parked from S180 hooks close-out, DPLAN-0190)
aipass init will ship .aipass/hooks.json with all 14 hooks enabled, including the security gates (git_gate, edit_gate, subagent_gate).
Decision (Patrick, S180): git enforcement stays ON by default for everyone. It is binary — on/off, not per-command-selectable. Rationale: agents still reflexively reach for raw git (training bias), so without the gate an external user's agents would silently mix raw git + drone commands → state chaos (divergence, accidental main pushes, broken sync/rebase). We have lived through this. Blocking + a clear warning is safer than giving options that break a system the user doesn't yet understand. Project still in beta, going against the grain deliberately.
This is NOT a blocker. Hooks ship all-enabled as planned. This issue captures refinements to revisit later:
- drone @git commands, and point to the orchestrator / devpulse / drone agent to investigate the correct flow for their setup.
- git_gate be disabled in isolation via .aipass/hooks.json (enabled: false) without breaking sync/rebase/PR flows? Untested — needs verification.
Surfaced during live testing: git_gate correctly blocks raw git from an external project's CWD via the bridge. The mechanism works — this is purely about UX/onboarding clarity for non-AIPass users.
Related: DPLAN-0190 (hooks close-out), DPLAN-0184 (hook engine), #605 (pre_edit_gate path detection).