Goal
Add built-in deterministic checks for common local policy needs that do not require custom tools after the configured deterministic command layer is in place.
User value
Teams can adopt useful local guardrails quickly, even before wiring stack-specific lint/test commands.
Implementation notes
- Treat this as an optional expansion after the v2 deterministic command-check layer is stable.
- Consider built-ins for forbidden files, forbidden paths, secret patterns, large files, binary files, generated files, and diff size.
- Make each built-in configurable as
blocking or warning.
- Keep built-ins focused on local push decisions and actionable local output.
- Keep false-positive messages actionable.
Risks / tradeoffs
- Secret and forbidden-file checks can generate false positives.
- Too many built-ins may make the product feel like a generic policy engine instead of a focused push gate.
Suggested priority
P2
Milestone
M1: Deterministic local gate
TBD considerations
- Privacy/security policy for secret redaction before local AI calls.
- Which built-ins are default-on vs template examples only.
Acceptance criteria
- At least diff size and forbidden file/path checks are implemented if this optional expansion is scheduled.
- Built-ins are covered by integration tests.
- Blocking and warning behavior is explicit in local output.
Goal
Add built-in deterministic checks for common local policy needs that do not require custom tools after the configured deterministic command layer is in place.
User value
Teams can adopt useful local guardrails quickly, even before wiring stack-specific lint/test commands.
Implementation notes
blockingorwarning.Risks / tradeoffs
Suggested priority
P2
Milestone
M1: Deterministic local gate
TBD considerations
Acceptance criteria