gogcli

History

Drew Burchfield 46900109e0 fix(safety): compile baked policy to code to resist binary tampering Compile baked safety-profile policies into generated hash switches so the raw allow/deny rule strings are no longer embedded as a patchable YAML blob. Verification before merge: - `go test ./cmd/bake-safety-profile ./internal/safetyprofile ./internal/cmd` - `make lint` - `./build-safe.sh safety-profiles/agent-safe.yaml -o bin/gog-agent-safe-review` - `./build-safe.sh safety-profiles/readonly.yaml -o bin/gog-readonly-review` - runtime block checks for agent-safe and readonly baked binaries Co-authored-by: drewburchfield <drewburchfield@gmail.com>	2026-05-04 05:55:05 +01:00
..
main_test.go	fix(safety): compile baked policy to code to resist binary tampering	2026-05-04 05:55:05 +01:00
main.go	fix(safety): compile baked policy to code to resist binary tampering	2026-05-04 05:55:05 +01:00

Drew Burchfield 46900109e0

fix(safety): compile baked policy to code to resist binary tampering

Compile baked safety-profile policies into generated hash switches so the raw allow/deny rule strings are no longer embedded as a patchable YAML blob.

Verification before merge:
- `go test ./cmd/bake-safety-profile ./internal/safetyprofile ./internal/cmd`
- `make lint`
- `./build-safe.sh safety-profiles/agent-safe.yaml -o bin/gog-agent-safe-review`
- `./build-safe.sh safety-profiles/readonly.yaml -o bin/gog-readonly-review`
- runtime block checks for agent-safe and readonly baked binaries

Co-authored-by: drewburchfield <drewburchfield@gmail.com>

2026-05-04 05:55:05 +01:00

main_test.go

fix(safety): compile baked policy to code to resist binary tampering

2026-05-04 05:55:05 +01:00

main.go

fix(safety): compile baked policy to code to resist binary tampering

2026-05-04 05:55:05 +01:00